This is an archive of the discontinued LLVM Phabricator instance.

Differential D54589

[clang][UBSan] Sanitization for alignment assumptions.
ClosedPublic

Authored by lebedev.ri on Nov 15 2018, 10:25 AM.

Details

Reviewers
ABataev
craig.topper
vsk
rsmith
rnk
erichkeane
filcab
rjmccall
Group Reviewers
Restricted Project
Commits
rGbd1c0870198e: [clang][UBSan] Sanitization for alignment assumptions.
rG7892c37455d5: [clang][UBSan] Sanitization for alignment assumptions.
rL351177: [clang][UBSan] Sanitization for alignment assumptions.
rC351177: [clang][UBSan] Sanitization for alignment assumptions.
rL351105: [clang][UBSan] Sanitization for alignment assumptions.
rC351105: [clang][UBSan] Sanitization for alignment assumptions.
Summary

UB isn't nice. It's cool and powerful, but not nice.
Having a way to detect it is nice though.
P1007R3: std::assume_aligned / http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2018/p1007r2.pdf says:

We propose to add this functionality via a library function instead of a core language attribute.
...
If the pointer passed in is not aligned to at least N bytes, calling assume_aligned results in undefined behaviour.

This differential teaches clang to sanitize all the various variants of this assume-aligned attribute.

Requires D54588 for LLVM IRBuilder changes.
The compiler-rt part is D54590.

Diff Detail

Repository
rC Clang

Event Timeline

lebedev.ri created this revision.Nov 15 2018, 10:25 AM
lebedev.ri added a parent revision: D54588: [llvm][IRBuilder] Introspection for CreateAlignmentAssumption*() functions.
lebedev.ri mentioned this in D54590: [compiler-rt][UBSan] Sanitization for alignment assumptions..
lebedev.ri edited the summary of this revision. (Show Details)
lebedev.ri updated this revision to Diff 174451.Nov 16 2018, 2:30 PM

Adapt to D54588 no longer providing the actual pointer.
The handled itself will have to deal with subtracting the offset.

lebedev.ri added a comment.Nov 26 2018, 12:22 AM

ping

rjmccall added inline comments.Nov 26 2018, 11:58 AM
docs/UndefinedBehaviorSanitizer.rst
75

assume_aligned-like

199

Is there a reason for this exception?

lib/CodeGen/CGBuiltin.cpp
1916–1917

Is this {}-initializing a SourceLocation? Please use SourceLocation() instead and put the comment before it.

lib/CodeGen/CodeGenFunction.cpp
2509

What's the deal with the two different source locations?

lib/CodeGen/CodeGenFunction.h
2827

dyn_cast, please. And these two methods should really be defined out-of-line.

lebedev.ri added inline comments.Nov 26 2018, 12:16 PM
docs/UndefinedBehaviorSanitizer.rst
199

Are you asking about the LHS of the diff, or about adding an exception to that for this sanitizer?
I'm adding an exception here because i don't know what should be done here.
Does it make sense to emit an assumptions for volatile pointers, but do not sanitize these assumptions?

lib/CodeGen/CGBuiltin.cpp
1916–1917

Is this {}-initializing a SourceLocation?

Yes

Ok.

lib/CodeGen/CodeGenFunction.cpp
2509

The first one points to the source-location of this alignment assumption.
The second one *may* point to the location where the alignment was specified.
See e.g. "test/ubsan/TestCases/Pointer/alignment-assumption-attribute-align_value-on-lvalue.cpp" in https://reviews.llvm.org/D54590#change-jI44M13yrBNo

rjmccall added inline comments.Nov 26 2018, 12:54 PM
docs/UndefinedBehaviorSanitizer.rst
199

Are you asking about the LHS of the diff, or about adding an exception to that for this sanitizer?

I'm asking about adding a new exception for one portion of one sanitizer.

I'm adding an exception here because i don't know what should be done here.

Okay, that's not a good enough reason.

The overall rule for annotation-based language/tool designs is that explicit/specific/close wins over implicit/general/distant. So the question is: how does that rule apply here?

You can't end up with a pointer to volatile completely implicitly — at some point, a programmer was explicit about requesting volatile semantics, and that has somehow propagated to this particular access/assumption site. So that's a pretty strong piece of information, and if we have a general rule for the sanitizers that volatile bypasses the check, it's generally a good idea to be consistent with that.

On the other hand, these assumption annotations are themselves always explicit, right? If you have to be explicit about putting align_value on a specific pointer variable, and that pointer just happens to be volatile-qualified, we probably *shouldn't* bypass the check: that's about an explicit, specific, and close as a programmer can get, just short of literally writing it on every access to the variable. The only counter-argument is that maybe the pointer is only volatile-qualified because of template instantiation or something.

So I think it makes sense to enforce it for at least some of these annotations and/or builtin calls, but we should be clear about *why* it makes sense. However, it's possible that I may be misunderstanding part of the motivation behind the general exception for volatile, so you should reach out for input from the UBSan etc. people.

lib/CodeGen/CodeGenFunction.cpp
2509

I see, so the runtime diagnostic can point to the second location if it's known.

The parameter names do not make that clear at all. It should at least be documented, and you should probably change the variable names to be clearer.

lebedev.ri marked an inline comment as done.Nov 26 2018, 1:16 PM
lebedev.ri added inline comments.
docs/UndefinedBehaviorSanitizer.rst
199

Tried with nullability attributes https://godbolt.org/z/rJUb9U
They do not bypass this "ignore volatile".
So i guess i will drop this exception.

lebedev.ri marked an inline comment as not done.Nov 26 2018, 1:18 PM
lebedev.ri added inline comments.
docs/UndefinedBehaviorSanitizer.rst
199

Whoops, i meant nullable of course, showed the wrong snippet https://godbolt.org/z/DbzKK0

lebedev.ri updated this revision to Diff 175407.Nov 26 2018, 11:58 PM
lebedev.ri marked 11 inline comments as done.

Address @rjmccall review notes.

rjmccall added inline comments.Nov 27 2018, 8:13 AM
docs/ReleaseNotes.rst
337

unfinished

docs/UndefinedBehaviorSanitizer.rst
199

Okay, WFM.

lib/CodeGen/CGStmtOpenMP.cpp
1475–1476

Same comment here about SourceLocation().

lib/CodeGen/CodeGenFunction.cpp
2506

typo

lebedev.ri updated this revision to Diff 175494.Nov 27 2018, 8:27 AM
lebedev.ri marked 4 inline comments as done.

Address @rjmccall review notes.

rjmccall accepted this revision.Nov 27 2018, 9:39 AM

LGTM.

This revision is now accepted and ready to land.Nov 27 2018, 9:39 AM
lebedev.ri added a comment.Nov 27 2018, 9:43 AM
In D54589#1309929, @rjmccall wrote:

LGTM.

Thank you for the review!

lebedev.ri mentioned this in D54966: Implement P1007R3 `std::assume_aligned`.Nov 27 2018, 12:39 PM
lebedev.ri updated this revision to Diff 179272.Dec 21 2018, 5:19 AM

Rebased, NFC.

lebedev.ri updated this revision to Diff 181608.Jan 14 2019, 11:07 AM

Rebased before commit, NFC.

Closed by commit rC351105: [clang][UBSan] Sanitization for alignment assumptions. (authored by lebedevri). · Explain WhyJan 14 2019, 11:13 AM
This revision was automatically updated to reflect the committed changes.
Diffusion mentioned this in rL351106: [compiler-rt][UBSan] Sanitization for alignment assumptions..
Diffusion mentioned this in rCRT351106: [compiler-rt][UBSan] Sanitization for alignment assumptions..
Diffusion mentioned this in rL351178: [compiler-rt][UBSan] Sanitization for alignment assumptions..Jan 15 2019, 1:48 AM
Diffusion mentioned this in rCRT351178: [compiler-rt][UBSan] Sanitization for alignment assumptions..

Revision Contents

Diff 181613

docs/ReleaseNotes.rst

Show First 20 LinesShow All 315 Lines▼ Show 20 Lines* The Implicit Conversion Sanitizer (``-fsanitize=implicit-conversion``) group
hard to track down. This group is **not** enabled by ``-fsanitize=undefined``, hard to track down. This group is **not** enabled by ``-fsanitize=undefined``,
but the ``-fsanitize=implicit-integer-sign-change`` check but the ``-fsanitize=implicit-integer-sign-change`` check
is enabled by ``-fsanitize=integer``. is enabled by ``-fsanitize=integer``.
(as is ``-fsanitize=implicit-integer-truncation`` check) (as is ``-fsanitize=implicit-integer-truncation`` check)
* The Implicit Conversion Sanitizer (``-fsanitize=implicit-conversion``) has * The Implicit Conversion Sanitizer (``-fsanitize=implicit-conversion``) has
learned to sanitize compound assignment operators. learned to sanitize compound assignment operators.
* ``alignment`` check has learned to sanitize the assume_aligned-like attributes:
.. code-block:: c++
typedef char **__attribute__((align_value(1024))) aligned_char;
struct ac_struct {
aligned_char a;
};
char **load_from_ac_struct(struct ac_struct *x) {
return x->a; // <- check that loaded 'a' is aligned
}
char **passthrough(__attribute__((align_value(1024))) char **x) {
return x; // <- check the pointer passed as function argument
rjmccallUnsubmitted
Done
ReplyInline Actions

unfinished

rjmccall: unfinished
}
char **__attribute__((alloc_align(2)))
alloc_align(int size, unsigned long alignment);
char **caller(int size) {
return alloc_align(size, 1024); // <- check returned pointer
}
char **__attribute__((assume_aligned(1024))) get_ptr();
char **caller2() {
return get_ptr(); // <- check returned pointer
}
void *caller3(char **x) {
return __builtin_assume_aligned(x, 1024); // <- check returned pointer
}
void *caller4(char **x, unsigned long offset) {
return __builtin_assume_aligned(x, 1024, offset); // <- check returned pointer accounting for the offest
}
void process(char *data, int width) {
#pragma omp for simd aligned(data : 1024) // <- aligned clause will be checked.
for (int x = 0; x < width; x++)
data[x] *= data[x];
}
Core Analysis Improvements Core Analysis Improvements
========================== ==========================
- ... - ...
New Issues Found New Issues Found
================ ================
Show All 25 Lines

docs/UndefinedBehaviorSanitizer.rst

Show First 20 LinesShow All 66 Lines▼ Show 20 Lines
.. _ubsan-checks: .. _ubsan-checks:
Available checks Available checks
================ ================
Available checks are: Available checks are:
- ``-fsanitize=alignment``: Use of a misaligned pointer or creation - ``-fsanitize=alignment``: Use of a misaligned pointer or creation
of a misaligned reference. of a misaligned reference. Also sanitizes assume_aligned-like attributes.
rjmccallUnsubmitted
Done
ReplyInline Actions

assume_aligned-like

rjmccall: `assume_aligned`-like
- ``-fsanitize=bool``: Load of a ``bool`` value which is neither - ``-fsanitize=bool``: Load of a ``bool`` value which is neither
``true`` nor ``false``. ``true`` nor ``false``.
- ``-fsanitize=builtin``: Passing invalid values to compiler builtins. - ``-fsanitize=builtin``: Passing invalid values to compiler builtins.
- ``-fsanitize=bounds``: Out of bounds array indexing, in cases - ``-fsanitize=bounds``: Out of bounds array indexing, in cases
where the array bound can be statically determined. where the array bound can be statically determined.
- ``-fsanitize=enum``: Load of a value of an enumerated type which - ``-fsanitize=enum``: Load of a value of an enumerated type which
is not in the range of representable values for that enumerated is not in the range of representable values for that enumerated
type. type.
▲ Show 20 LinesShow All 107 Lines▼ Show 20 Lines - ``-fsanitize=nullability``: Enables ``nullability-arg``,
so UBSan offers to catch it. so UBSan offers to catch it.
Volatile Volatile
-------- --------
The ``null``, ``alignment``, ``object-size``, and ``vptr`` checks do not apply The ``null``, ``alignment``, ``object-size``, and ``vptr`` checks do not apply
to pointers to types with the ``volatile`` qualifier. to pointers to types with the ``volatile`` qualifier.
Minimal Runtime Minimal Runtime
rjmccallUnsubmitted
Done
ReplyInline Actions

Is there a reason for this exception?

rjmccall: Is there a reason for this exception?
lebedev.riAuthorUnsubmitted
Done
ReplyInline Actions

Are you asking about the LHS of the diff, or about adding an exception to that for this sanitizer?
I'm adding an exception here because i don't know what should be done here.
Does it make sense to emit an assumptions for volatile pointers, but do not sanitize these assumptions?

lebedev.ri: Are you asking about the LHS of the diff, or about adding an exception to that for this…
rjmccallUnsubmitted
Done
ReplyInline Actions

Are you asking about the LHS of the diff, or about adding an exception to that for this sanitizer?

I'm asking about adding a new exception for one portion of one sanitizer.

I'm adding an exception here because i don't know what should be done here.

Okay, that's not a good enough reason.

The overall rule for annotation-based language/tool designs is that explicit/specific/close wins over implicit/general/distant. So the question is: how does that rule apply here?

You can't end up with a pointer to volatile completely implicitly — at some point, a programmer was explicit about requesting volatile semantics, and that has somehow propagated to this particular access/assumption site. So that's a pretty strong piece of information, and if we have a general rule for the sanitizers that volatile bypasses the check, it's generally a good idea to be consistent with that.

On the other hand, these assumption annotations are themselves always explicit, right? If you have to be explicit about putting align_value on a specific pointer variable, and that pointer just happens to be volatile-qualified, we probably *shouldn't* bypass the check: that's about an explicit, specific, and close as a programmer can get, just short of literally writing it on every access to the variable. The only counter-argument is that maybe the pointer is only volatile-qualified because of template instantiation or something.

So I think it makes sense to enforce it for at least some of these annotations and/or builtin calls, but we should be clear about *why* it makes sense. However, it's possible that I may be misunderstanding part of the motivation behind the general exception for volatile, so you should reach out for input from the UBSan etc. people.

rjmccall: > Are you asking about the LHS of the diff, or about adding an exception to that for this…
lebedev.riAuthorUnsubmitted
Done
ReplyInline Actions

Tried with nullability attributes https://godbolt.org/z/rJUb9U
They do not bypass this "ignore volatile".
So i guess i will drop this exception.

lebedev.ri: Tried with nullability attributes https://godbolt.org/z/rJUb9U They do not bypass this "ignore…
lebedev.riAuthorUnsubmitted
Done
ReplyInline Actions

Whoops, i meant nullable of course, showed the wrong snippet https://godbolt.org/z/DbzKK0

lebedev.ri: Whoops, i meant `nullable` of course, showed the wrong snippet https://godbolt.org/z/DbzKK0
rjmccallUnsubmitted
Done
ReplyInline Actions

Okay, WFM.

rjmccall: Okay, WFM.
=============== ===============
There is a minimal UBSan runtime available suitable for use in production There is a minimal UBSan runtime available suitable for use in production
environments. This runtime has a small attack surface. It only provides very environments. This runtime has a small attack surface. It only provides very
basic issue logging and deduplication, and does not support ``-fsanitize=vptr`` basic issue logging and deduplication, and does not support ``-fsanitize=vptr``
checking. checking.
To use the minimal runtime, add ``-fsanitize-minimal-runtime`` to the clang To use the minimal runtime, add ``-fsanitize-minimal-runtime`` to the clang
▲ Show 20 LinesShow All 134 LinesShow Last 20 Lines

lib/CodeGen/CGBuiltin.cpp

  • This file is larger than 256 KB, so syntax highlighting is disabled by default.
Show First 20 LinesShow All 1,898 Lines▼ Show 20 Lines if (CGM.getCodeGenOpts().OptimizationLevel == 0)
return RValue::get(ArgValue); return RValue::get(ArgValue);
Value *FnExpect = CGM.getIntrinsic(Intrinsic::expect, ArgType); Value *FnExpect = CGM.getIntrinsic(Intrinsic::expect, ArgType);
Value *Result = Value *Result =
Builder.CreateCall(FnExpect, {ArgValue, ExpectedValue}, "expval"); Builder.CreateCall(FnExpect, {ArgValue, ExpectedValue}, "expval");
return RValue::get(Result); return RValue::get(Result);
} }
case Builtin::BI__builtin_assume_aligned: { case Builtin::BI__builtin_assume_aligned: {
Value *PtrValue = EmitScalarExpr(E->getArg(0)); const Expr *Ptr = E->getArg(0);
Value *PtrValue = EmitScalarExpr(Ptr);
Value *OffsetValue = Value *OffsetValue =
(E->getNumArgs() > 2) ? EmitScalarExpr(E->getArg(2)) : nullptr; (E->getNumArgs() > 2) ? EmitScalarExpr(E->getArg(2)) : nullptr;
Value *AlignmentValue = EmitScalarExpr(E->getArg(1)); Value *AlignmentValue = EmitScalarExpr(E->getArg(1));
ConstantInt *AlignmentCI = cast<ConstantInt>(AlignmentValue); ConstantInt *AlignmentCI = cast<ConstantInt>(AlignmentValue);
unsigned Alignment = (unsigned) AlignmentCI->getZExtValue(); unsigned Alignment = (unsigned)AlignmentCI->getZExtValue();
EmitAlignmentAssumption(PtrValue, Alignment, OffsetValue); EmitAlignmentAssumption(PtrValue, Ptr, /*The expr loc is sufficient.*/ SourceLocation(),
Alignment, OffsetValue);
rjmccallUnsubmitted
Done
ReplyInline Actions

Is this {}-initializing a SourceLocation? Please use SourceLocation() instead and put the comment before it.

rjmccall: Is this `{}`-initializing a `SourceLocation`? Please use `SourceLocation()` instead and put…
lebedev.riAuthorUnsubmitted
Done
ReplyInline Actions

Is this {}-initializing a SourceLocation?

Yes

Ok.

lebedev.ri: > Is this `{}`-initializing a `SourceLocation`? Yes Ok.
return RValue::get(PtrValue); return RValue::get(PtrValue);
} }
case Builtin::BI__assume: case Builtin::BI__assume:
case Builtin::BI__builtin_assume: { case Builtin::BI__builtin_assume: {
if (E->getArg(0)->HasSideEffects(getContext())) if (E->getArg(0)->HasSideEffects(getContext()))
return RValue::get(nullptr); return RValue::get(nullptr);
Value *ArgValue = EmitScalarExpr(E->getArg(0)); Value *ArgValue = EmitScalarExpr(E->getArg(0));
▲ Show 20 LinesShow All 11,586 LinesShow Last 20 Lines

lib/CodeGen/CGCall.cpp

Show First 20 LinesShow All 2,404 Lines▼ Show 20 Lines case ABIArgInfo::Direct: {
!CGM.getCodeGenOpts().NullPointerIsValid) !CGM.getCodeGenOpts().NullPointerIsValid)
AI->addAttr(llvm::Attribute::NonNull); AI->addAttr(llvm::Attribute::NonNull);
} }
const auto *AVAttr = PVD->getAttr<AlignValueAttr>(); const auto *AVAttr = PVD->getAttr<AlignValueAttr>();
if (!AVAttr) if (!AVAttr)
if (const auto *TOTy = dyn_cast<TypedefType>(OTy)) if (const auto *TOTy = dyn_cast<TypedefType>(OTy))
AVAttr = TOTy->getDecl()->getAttr<AlignValueAttr>(); AVAttr = TOTy->getDecl()->getAttr<AlignValueAttr>();
if (AVAttr) { if (AVAttr && !SanOpts.has(SanitizerKind::Alignment)) {
// If alignment-assumption sanitizer is enabled, we do *not* add
// alignment attribute here, but emit normal alignment assumption,
// so the UBSAN check could function.
llvm::Value *AlignmentValue = llvm::Value *AlignmentValue =
EmitScalarExpr(AVAttr->getAlignment()); EmitScalarExpr(AVAttr->getAlignment());
llvm::ConstantInt *AlignmentCI = llvm::ConstantInt *AlignmentCI =
cast<llvm::ConstantInt>(AlignmentValue); cast<llvm::ConstantInt>(AlignmentValue);
unsigned Alignment = std::min((unsigned)AlignmentCI->getZExtValue(), unsigned Alignment = std::min((unsigned)AlignmentCI->getZExtValue(),
+llvm::Value::MaximumAlignment); +llvm::Value::MaximumAlignment);
AI->addAttrs(llvm::AttrBuilder().addAlignmentAttr(Alignment)); AI->addAttrs(llvm::AttrBuilder().addAlignmentAttr(Alignment));
} }
▲ Show 20 LinesShow All 2,108 Lines▼ Show 20 Lines#endif
if (Ret.isScalar() && TargetDecl) { if (Ret.isScalar() && TargetDecl) {
if (const auto *AA = TargetDecl->getAttr<AssumeAlignedAttr>()) { if (const auto *AA = TargetDecl->getAttr<AssumeAlignedAttr>()) {
llvm::Value *OffsetValue = nullptr; llvm::Value *OffsetValue = nullptr;
if (const auto *Offset = AA->getOffset()) if (const auto *Offset = AA->getOffset())
OffsetValue = EmitScalarExpr(Offset); OffsetValue = EmitScalarExpr(Offset);
llvm::Value *Alignment = EmitScalarExpr(AA->getAlignment()); llvm::Value *Alignment = EmitScalarExpr(AA->getAlignment());
llvm::ConstantInt *AlignmentCI = cast<llvm::ConstantInt>(Alignment); llvm::ConstantInt *AlignmentCI = cast<llvm::ConstantInt>(Alignment);
EmitAlignmentAssumption(Ret.getScalarVal(), AlignmentCI->getZExtValue(), EmitAlignmentAssumption(Ret.getScalarVal(), RetTy, Loc, AA->getLocation(),
OffsetValue); AlignmentCI->getZExtValue(), OffsetValue);
} else if (const auto *AA = TargetDecl->getAttr<AllocAlignAttr>()) { } else if (const auto *AA = TargetDecl->getAttr<AllocAlignAttr>()) {
llvm::Value *ParamVal = llvm::Value *AlignmentVal = CallArgs[AA->getParamIndex().getLLVMIndex()]
CallArgs[AA->getParamIndex().getLLVMIndex()].getRValue( .getRValue(*this)
*this).getScalarVal(); .getScalarVal();
EmitAlignmentAssumption(Ret.getScalarVal(), ParamVal); EmitAlignmentAssumption(Ret.getScalarVal(), RetTy, Loc, AA->getLocation(),
AlignmentVal);
} }
} }
return Ret; return Ret;
} }
CGCallee CGCallee::prepareConcreteCallee(CodeGenFunction &CGF) const { CGCallee CGCallee::prepareConcreteCallee(CodeGenFunction &CGF) const {
if (isVirtual()) { if (isVirtual()) {
Show All 20 Lines

lib/CodeGen/CGExprScalar.cpp

Show First 20 LinesShow All 252 Lines▼ Show 20 Lines if (const auto *DRE = dyn_cast<DeclRefExpr>(E)) {
const ValueDecl *VD = DRE->getDecl(); const ValueDecl *VD = DRE->getDecl();
if (VD->getType()->isReferenceType()) { if (VD->getType()->isReferenceType()) {
if (const auto *TTy = if (const auto *TTy =
dyn_cast<TypedefType>(VD->getType().getNonReferenceType())) dyn_cast<TypedefType>(VD->getType().getNonReferenceType()))
AVAttr = TTy->getDecl()->getAttr<AlignValueAttr>(); AVAttr = TTy->getDecl()->getAttr<AlignValueAttr>();
} else { } else {
// Assumptions for function parameters are emitted at the start of the // Assumptions for function parameters are emitted at the start of the
// function, so there is no need to repeat that here. // function, so there is no need to repeat that here,
if (isa<ParmVarDecl>(VD)) // unless the alignment-assumption sanitizer is enabled,
// then we prefer the assumption over alignment attribute
// on IR function param.
if (isa<ParmVarDecl>(VD) && !CGF.SanOpts.has(SanitizerKind::Alignment))
return; return;
AVAttr = VD->getAttr<AlignValueAttr>(); AVAttr = VD->getAttr<AlignValueAttr>();
} }
} }
if (!AVAttr) if (!AVAttr)
if (const auto *TTy = if (const auto *TTy =
dyn_cast<TypedefType>(E->getType())) dyn_cast<TypedefType>(E->getType()))
AVAttr = TTy->getDecl()->getAttr<AlignValueAttr>(); AVAttr = TTy->getDecl()->getAttr<AlignValueAttr>();
if (!AVAttr) if (!AVAttr)
return; return;
Value *AlignmentValue = CGF.EmitScalarExpr(AVAttr->getAlignment()); Value *AlignmentValue = CGF.EmitScalarExpr(AVAttr->getAlignment());
llvm::ConstantInt *AlignmentCI = cast<llvm::ConstantInt>(AlignmentValue); llvm::ConstantInt *AlignmentCI = cast<llvm::ConstantInt>(AlignmentValue);
CGF.EmitAlignmentAssumption(V, AlignmentCI->getZExtValue()); CGF.EmitAlignmentAssumption(V, E, AVAttr->getLocation(),
AlignmentCI->getZExtValue());
} }
/// EmitLoadOfLValue - Given an expression with complex type that represents a /// EmitLoadOfLValue - Given an expression with complex type that represents a
/// value l-value, this method emits the address of the l-value, then loads /// value l-value, this method emits the address of the l-value, then loads
/// and returns the result. /// and returns the result.
Value *EmitLoadOfLValue(const Expr *E) { Value *EmitLoadOfLValue(const Expr *E) {
Value *V = EmitLoadOfLValue(EmitCheckedLValue(E, CodeGenFunction::TCK_Load), Value *V = EmitLoadOfLValue(EmitCheckedLValue(E, CodeGenFunction::TCK_Load),
E->getExprLoc()); E->getExprLoc());
▲ Show 20 LinesShow All 4,235 LinesShow Last 20 Lines

lib/CodeGen/CGStmtOpenMP.cpp

Show First 20 LinesShow All 1,466 Lines▼ Show 20 Lines for (const Expr *E : Clause->varlists()) {
.toCharUnitsFromBits(CGF.getContext().getOpenMPDefaultSimdAlign( .toCharUnitsFromBits(CGF.getContext().getOpenMPDefaultSimdAlign(
E->getType()->getPointeeType())) E->getType()->getPointeeType()))
.getQuantity(); .getQuantity();
} }
assert((Alignment == 0 || llvm::isPowerOf2_32(Alignment)) && assert((Alignment == 0 || llvm::isPowerOf2_32(Alignment)) &&
"alignment is not power of 2"); "alignment is not power of 2");
if (Alignment != 0) { if (Alignment != 0) {
llvm::Value *PtrValue = CGF.EmitScalarExpr(E); llvm::Value *PtrValue = CGF.EmitScalarExpr(E);
CGF.EmitAlignmentAssumption(PtrValue, Alignment); CGF.EmitAlignmentAssumption(
PtrValue, E, /*No second loc needed*/ SourceLocation(), Alignment);
rjmccallUnsubmitted
Done
ReplyInline Actions

Same comment here about SourceLocation().

rjmccall: Same comment here about `SourceLocation()`.
} }
} }
} }
} }
void CodeGenFunction::EmitOMPPrivateLoopCounters( void CodeGenFunction::EmitOMPPrivateLoopCounters(
const OMPLoopDirective &S, CodeGenFunction::OMPPrivateScope &LoopScope) { const OMPLoopDirective &S, CodeGenFunction::OMPPrivateScope &LoopScope) {
if (!HaveInsertPoint()) if (!HaveInsertPoint())
▲ Show 20 LinesShow All 3,596 LinesShow Last 20 Lines

lib/CodeGen/CodeGenFunction.h

Show First 20 LinesShow All 125 Lines▼ Show 20 Lines#define LIST_SANITIZER_CHECKS \
SANITIZER_CHECK(NullabilityReturn, nullability_return, 1) \ SANITIZER_CHECK(NullabilityReturn, nullability_return, 1) \
SANITIZER_CHECK(NonnullArg, nonnull_arg, 0) \ SANITIZER_CHECK(NonnullArg, nonnull_arg, 0) \
SANITIZER_CHECK(NonnullReturn, nonnull_return, 1) \ SANITIZER_CHECK(NonnullReturn, nonnull_return, 1) \
SANITIZER_CHECK(OutOfBounds, out_of_bounds, 0) \ SANITIZER_CHECK(OutOfBounds, out_of_bounds, 0) \
SANITIZER_CHECK(PointerOverflow, pointer_overflow, 0) \ SANITIZER_CHECK(PointerOverflow, pointer_overflow, 0) \
SANITIZER_CHECK(ShiftOutOfBounds, shift_out_of_bounds, 0) \ SANITIZER_CHECK(ShiftOutOfBounds, shift_out_of_bounds, 0) \
SANITIZER_CHECK(SubOverflow, sub_overflow, 0) \ SANITIZER_CHECK(SubOverflow, sub_overflow, 0) \
SANITIZER_CHECK(TypeMismatch, type_mismatch, 1) \ SANITIZER_CHECK(TypeMismatch, type_mismatch, 1) \
SANITIZER_CHECK(AlignmentAssumption, alignment_assumption, 0) \
SANITIZER_CHECK(VLABoundNotPositive, vla_bound_not_positive, 0) SANITIZER_CHECK(VLABoundNotPositive, vla_bound_not_positive, 0)
enum SanitizerHandler { enum SanitizerHandler {
#define SANITIZER_CHECK(Enum, Name, Version) Enum, #define SANITIZER_CHECK(Enum, Name, Version) Enum,
LIST_SANITIZER_CHECKS LIST_SANITIZER_CHECKS
#undef SANITIZER_CHECK #undef SANITIZER_CHECK
}; };
▲ Show 20 LinesShow All 2,486 Lines▼ Show 20 Lines
void EmitBoundsCheck(const Expr *E, const Expr *Base, llvm::Value *Index, void EmitBoundsCheck(const Expr *E, const Expr *Base, llvm::Value *Index,
QualType IndexType, bool Accessed); QualType IndexType, bool Accessed);
llvm::Value *EmitScalarPrePostIncDec(const UnaryOperator *E, LValue LV, llvm::Value *EmitScalarPrePostIncDec(const UnaryOperator *E, LValue LV,
bool isInc, bool isPre); bool isInc, bool isPre);
ComplexPairTy EmitComplexPrePostIncDec(const UnaryOperator *E, LValue LV, ComplexPairTy EmitComplexPrePostIncDec(const UnaryOperator *E, LValue LV,
bool isInc, bool isPre); bool isInc, bool isPre);
void EmitAlignmentAssumption(llvm::Value *PtrValue, unsigned Alignment,
llvm::Value *OffsetValue = nullptr) {
Builder.CreateAlignmentAssumption(CGM.getDataLayout(), PtrValue, Alignment,
OffsetValue);
}
/// Converts Location to a DebugLoc, if debug information is enabled. /// Converts Location to a DebugLoc, if debug information is enabled.
llvm::DebugLoc SourceLocToDebugLoc(SourceLocation Location); llvm::DebugLoc SourceLocToDebugLoc(SourceLocation Location);
//===--------------------------------------------------------------------===// //===--------------------------------------------------------------------===//
// Declaration Emission // Declaration Emission
//===--------------------------------------------------------------------===// //===--------------------------------------------------------------------===//
▲ Show 20 LinesShow All 147 Lines▼ Show 20 Lines
/// Pass the result to unprotectFromPeepholes to declare that /// Pass the result to unprotectFromPeepholes to declare that
/// protection is no longer required. /// protection is no longer required.
/// ///
/// There's no particular reason why this shouldn't apply to /// There's no particular reason why this shouldn't apply to
/// l-values, it's just that no existing peepholes work on pointers. /// l-values, it's just that no existing peepholes work on pointers.
PeepholeProtection protectFromPeepholes(RValue rvalue); PeepholeProtection protectFromPeepholes(RValue rvalue);
void unprotectFromPeepholes(PeepholeProtection protection); void unprotectFromPeepholes(PeepholeProtection protection);
void EmitAlignmentAssumption(llvm::Value *PtrValue, llvm::Value *Alignment, void EmitAlignmentAssumptionCheck(llvm::Value *Ptr, QualType Ty,
llvm::Value *OffsetValue = nullptr) { SourceLocation Loc,
Builder.CreateAlignmentAssumption(CGM.getDataLayout(), PtrValue, Alignment, SourceLocation AssumptionLoc,
OffsetValue); llvm::Value *Alignment,
} llvm::Value *OffsetValue,
llvm::Value *TheCheck,
llvm::Instruction *Assumption);
void EmitAlignmentAssumption(llvm::Value *PtrValue, QualType Ty,
SourceLocation Loc, SourceLocation AssumptionLoc,
llvm::Value *Alignment,
llvm::Value *OffsetValue = nullptr);
void EmitAlignmentAssumption(llvm::Value *PtrValue, QualType Ty,
SourceLocation Loc, SourceLocation AssumptionLoc,
unsigned Alignment,
llvm::Value *OffsetValue = nullptr);
void EmitAlignmentAssumption(llvm::Value *PtrValue, const Expr *E,
SourceLocation AssumptionLoc, unsigned Alignment,
llvm::Value *OffsetValue = nullptr);
//===--------------------------------------------------------------------===// //===--------------------------------------------------------------------===//
// Statement Emission // Statement Emission
//===--------------------------------------------------------------------===// //===--------------------------------------------------------------------===//
/// EmitStopPoint - Emit a debug stoppoint if we are emitting debug info. /// EmitStopPoint - Emit a debug stoppoint if we are emitting debug info.
void EmitStopPoint(const Stmt *S); void EmitStopPoint(const Stmt *S);
rjmccallUnsubmitted
Done
ReplyInline Actions

dyn_cast, please. And these two methods should really be defined out-of-line.

rjmccall: `dyn_cast`, please. And these two methods should really be defined out-of-line.
/// EmitStmt - Emit the code for the statement \arg S. It is legal to call /// EmitStmt - Emit the code for the statement \arg S. It is legal to call
/// this function even if there is no current insertion point. /// this function even if there is no current insertion point.
/// ///
/// This function may clear the current insertion point; callers should use /// This function may clear the current insertion point; callers should use
/// EnsureInsertPoint if they wish to subsequently generate code without first /// EnsureInsertPoint if they wish to subsequently generate code without first
/// calling EmitBlock, EmitBranch, or EmitStmt. /// calling EmitBlock, EmitBranch, or EmitStmt.
void EmitStmt(const Stmt *S, ArrayRef<const Attr *> Attrs = None); void EmitStmt(const Stmt *S, ArrayRef<const Attr *> Attrs = None);
▲ Show 20 LinesShow All 1,538 LinesShow Last 20 Lines

lib/CodeGen/CodeGenFunction.cpp

Show First 20 LinesShow All 2,201 Lines▼ Show 20 Lines
void CodeGenFunction::unprotectFromPeepholes(PeepholeProtection protection) { void CodeGenFunction::unprotectFromPeepholes(PeepholeProtection protection) {
if (!protection.Inst) return; if (!protection.Inst) return;
// In theory, we could try to duplicate the peepholes now, but whatever. // In theory, we could try to duplicate the peepholes now, but whatever.
protection.Inst->eraseFromParent(); protection.Inst->eraseFromParent();
} }
void CodeGenFunction::EmitAlignmentAssumption(llvm::Value *PtrValue,
QualType Ty, SourceLocation Loc,
SourceLocation AssumptionLoc,
llvm::Value *Alignment,
llvm::Value *OffsetValue) {
llvm::Value *TheCheck;
llvm::Instruction *Assumption = Builder.CreateAlignmentAssumption(
CGM.getDataLayout(), PtrValue, Alignment, OffsetValue, &TheCheck);
if (SanOpts.has(SanitizerKind::Alignment)) {
EmitAlignmentAssumptionCheck(PtrValue, Ty, Loc, AssumptionLoc, Alignment,
OffsetValue, TheCheck, Assumption);
}
}
void CodeGenFunction::EmitAlignmentAssumption(llvm::Value *PtrValue,
QualType Ty, SourceLocation Loc,
SourceLocation AssumptionLoc,
unsigned Alignment,
llvm::Value *OffsetValue) {
llvm::Value *TheCheck;
llvm::Instruction *Assumption = Builder.CreateAlignmentAssumption(
CGM.getDataLayout(), PtrValue, Alignment, OffsetValue, &TheCheck);
if (SanOpts.has(SanitizerKind::Alignment)) {
llvm::Value *AlignmentVal = llvm::ConstantInt::get(IntPtrTy, Alignment);
EmitAlignmentAssumptionCheck(PtrValue, Ty, Loc, AssumptionLoc, AlignmentVal,
OffsetValue, TheCheck, Assumption);
}
}
void CodeGenFunction::EmitAlignmentAssumption(llvm::Value *PtrValue,
const Expr *E,
SourceLocation AssumptionLoc,
unsigned Alignment,
llvm::Value *OffsetValue) {
if (auto *CE = dyn_cast<CastExpr>(E))
E = CE->getSubExprAsWritten();
QualType Ty = E->getType();
SourceLocation Loc = E->getExprLoc();
EmitAlignmentAssumption(PtrValue, Ty, Loc, AssumptionLoc, Alignment,
OffsetValue);
}
llvm::Value *CodeGenFunction::EmitAnnotationCall(llvm::Value *AnnotationFn, llvm::Value *CodeGenFunction::EmitAnnotationCall(llvm::Value *AnnotationFn,
llvm::Value *AnnotatedVal, llvm::Value *AnnotatedVal,
StringRef AnnotationStr, StringRef AnnotationStr,
SourceLocation Location) { SourceLocation Location) {
llvm::Value *Args[4] = { llvm::Value *Args[4] = {
AnnotatedVal, AnnotatedVal,
Builder.CreateBitCast(CGM.EmitAnnotationString(AnnotationStr), Int8PtrTy), Builder.CreateBitCast(CGM.EmitAnnotationString(AnnotationStr), Int8PtrTy),
Builder.CreateBitCast(CGM.EmitAnnotationUnit(Location), Int8PtrTy), Builder.CreateBitCast(CGM.EmitAnnotationUnit(Location), Int8PtrTy),
▲ Show 20 LinesShow All 236 Lines▼ Show 20 Linesvoid CodeGenFunction::EmitMultiVersionResolver(
Builder.SetInsertPoint(CurBlock); Builder.SetInsertPoint(CurBlock);
llvm::CallInst *TrapCall = EmitTrapCall(llvm::Intrinsic::trap); llvm::CallInst *TrapCall = EmitTrapCall(llvm::Intrinsic::trap);
TrapCall->setDoesNotReturn(); TrapCall->setDoesNotReturn();
TrapCall->setDoesNotThrow(); TrapCall->setDoesNotThrow();
Builder.CreateUnreachable(); Builder.CreateUnreachable();
Builder.ClearInsertionPoint(); Builder.ClearInsertionPoint();
} }
// Loc - where the diagnostic will point, where in the source code this
// alignment has failed.
rjmccallUnsubmitted
Done
ReplyInline Actions

typo

rjmccall: typo
// SecondaryLoc - if present (will be present if sufficiently different from
// Loc), the diagnostic will additionally point a "Note:" to this location.
// It should be the location where the __attribute__((assume_aligned))
rjmccallUnsubmitted
Done
ReplyInline Actions

What's the deal with the two different source locations?

rjmccall: What's the deal with the two different source locations?
lebedev.riAuthorUnsubmitted
Done
ReplyInline Actions

The first one points to the source-location of this alignment assumption.
The second one *may* point to the location where the alignment was specified.
See e.g. "test/ubsan/TestCases/Pointer/alignment-assumption-attribute-align_value-on-lvalue.cpp" in https://reviews.llvm.org/D54590#change-jI44M13yrBNo

lebedev.ri: The first one points to the source-location of this alignment assumption. The second one *may*…
rjmccallUnsubmitted
Done
ReplyInline Actions

I see, so the runtime diagnostic can point to the second location if it's known.

The parameter names do not make that clear at all. It should at least be documented, and you should probably change the variable names to be clearer.

rjmccall: I see, so the runtime diagnostic can point to the second location if it's known. The parameter…
// was written e.g.
void CodeGenFunction::EmitAlignmentAssumptionCheck(
llvm::Value *Ptr, QualType Ty, SourceLocation Loc,
SourceLocation SecondaryLoc, llvm::Value *Alignment,
llvm::Value *OffsetValue, llvm::Value *TheCheck,
llvm::Instruction *Assumption) {
assert(Assumption && isa<llvm::CallInst>(Assumption) &&
cast<llvm::CallInst>(Assumption)->getCalledValue() ==
llvm::Intrinsic::getDeclaration(
Builder.GetInsertBlock()->getParent()->getParent(),
llvm::Intrinsic::assume) &&
"Assumption should be a call to llvm.assume().");
assert(&(Builder.GetInsertBlock()->back()) == Assumption &&
"Assumption should be the last instruction of the basic block, "
"since the basic block is still being generated.");
if (!SanOpts.has(SanitizerKind::Alignment))
return;
// Don't check pointers to volatile data. The behavior here is implementation-
// defined.
if (Ty->getPointeeType().isVolatileQualified())
return;
// We need to temorairly remove the assumption so we can insert the
// sanitizer check before it, else the check will be dropped by optimizations.
Assumption->removeFromParent();
{
SanitizerScope SanScope(this);
if (!OffsetValue)
OffsetValue = Builder.getInt1(0); // no offset.
llvm::Constant *StaticData[] = {EmitCheckSourceLocation(Loc),
EmitCheckSourceLocation(SecondaryLoc),
EmitCheckTypeDescriptor(Ty)};
llvm::Value *DynamicData[] = {EmitCheckValue(Ptr),
EmitCheckValue(Alignment),
EmitCheckValue(OffsetValue)};
EmitCheck({std::make_pair(TheCheck, SanitizerKind::Alignment)},
SanitizerHandler::AlignmentAssumption, StaticData, DynamicData);
}
// We are now in the (new, empty) "cont" basic block.
// Reintroduce the assumption.
Builder.Insert(Assumption);
// FIXME: Assumption still has it's original basic block as it's Parent.
}
llvm::DebugLoc CodeGenFunction::SourceLocToDebugLoc(SourceLocation Location) { llvm::DebugLoc CodeGenFunction::SourceLocToDebugLoc(SourceLocation Location) {
if (CGDebugInfo *DI = getDebugInfo()) if (CGDebugInfo *DI = getDebugInfo())
return DI->SourceLocToDebugLoc(Location); return DI->SourceLocToDebugLoc(Location);
return llvm::DebugLoc(); return llvm::DebugLoc();
} }

test/CodeGen/catch-alignment-assumption-attribute-align_value-on-lvalue.cpp

// RUN: %clang_cc1 -emit-llvm %s -o - -triple x86_64-linux-gnu | FileCheck %s --check-prefixes=CHECK,CHECK-NOSANITIZE
// RUN: %clang_cc1 -fsanitize=alignment -fno-sanitize-recover=alignment -emit-llvm %s -o - -triple x86_64-linux-gnu | FileCheck %s -implicit-check-not="call void @__ubsan_handle_alignment_assumption" --check-prefixes=CHECK,CHECK-SANITIZE,CHECK-SANITIZE-ANYRECOVER,CHECK-SANITIZE-NORECOVER,CHECK-SANITIZE-UNREACHABLE
// RUN: %clang_cc1 -fsanitize=alignment -fsanitize-recover=alignment -emit-llvm %s -o - -triple x86_64-linux-gnu | FileCheck %s -implicit-check-not="call void @__ubsan_handle_alignment_assumption" --check-prefixes=CHECK,CHECK-SANITIZE,CHECK-SANITIZE-ANYRECOVER,CHECK-SANITIZE-RECOVER
// RUN: %clang_cc1 -fsanitize=alignment -fsanitize-trap=alignment -emit-llvm %s -o - -triple x86_64-linux-gnu | FileCheck %s -implicit-check-not="call void @__ubsan_handle_alignment_assumption" --check-prefixes=CHECK,CHECK-SANITIZE,CHECK-SANITIZE-TRAP,CHECK-SANITIZE-UNREACHABLE
typedef char **__attribute__((align_value(0x80000000))) aligned_char;
struct ac_struct {
// CHECK: %[[STRUCT_AC_STRUCT:.*]] = type { i8** }
aligned_char a;
};
// CHECK-SANITIZE-ANYRECOVER: @[[ALIGNED_CHAR:.*]] = {{.*}} c"'aligned_char' (aka 'char **')\00" }
// CHECK-SANITIZE-ANYRECOVER: @[[LINE_100_ALIGNMENT_ASSUMPTION:.*]] = {{.*}}, i32 100, i32 13 }, {{.*}}* @[[ALIGNED_CHAR]] }
char **load_from_ac_struct(struct ac_struct *x) {
// CHECK: define i8** @{{.*}}(%[[STRUCT_AC_STRUCT]]* %[[X:.*]])
// CHECK-NEXT: [[ENTRY:.*]]:
// CHECK-NEXT: %[[STRUCT_AC_STRUCT_ADDR:.*]] = alloca %[[STRUCT_AC_STRUCT]]*, align 8
// CHECK-NEXT: store %[[STRUCT_AC_STRUCT]]* %[[X]], %[[STRUCT_AC_STRUCT]]** %[[STRUCT_AC_STRUCT_ADDR]], align 8
// CHECK-NEXT: %[[X_RELOADED:.*]] = load %[[STRUCT_AC_STRUCT]]*, %[[STRUCT_AC_STRUCT]]** %[[STRUCT_AC_STRUCT_ADDR]], align 8
// CHECK: %[[A_ADDR:.*]] = getelementptr inbounds %[[STRUCT_AC_STRUCT]], %[[STRUCT_AC_STRUCT]]* %[[X_RELOADED]], i32 0, i32 0
// CHECK: %[[A:.*]] = load i8**, i8*** %[[A_ADDR]], align 8
// CHECK-NEXT: %[[PTRINT:.*]] = ptrtoint i8** %[[A]] to i64
// CHECK-NEXT: %[[MASKEDPTR:.*]] = and i64 %[[PTRINT]], 2147483647
// CHECK-NEXT: %[[MASKCOND:.*]] = icmp eq i64 %[[MASKEDPTR]], 0
// CHECK-SANITIZE-NEXT: %[[PTRINT_DUP:.*]] = ptrtoint i8** %[[A]] to i64, !nosanitize
// CHECK-SANITIZE-NEXT: br i1 %[[MASKCOND]], label %[[CONT:.*]], label %[[HANDLER_ALIGNMENT_ASSUMPTION:[^,]+]],{{.*}} !nosanitize
// CHECK-SANITIZE: [[HANDLER_ALIGNMENT_ASSUMPTION]]:
// CHECK-SANITIZE-NORECOVER-NEXT: call void @__ubsan_handle_alignment_assumption_abort(i8* bitcast ({ {{{.*}}}, {{{.*}}}, {{{.*}}}* }* @[[LINE_100_ALIGNMENT_ASSUMPTION]] to i8*), i64 %[[PTRINT_DUP]], i64 2147483648, i64 0){{.*}}, !nosanitize
// CHECK-SANITIZE-RECOVER-NEXT: call void @__ubsan_handle_alignment_assumption(i8* bitcast ({ {{{.*}}}, {{{.*}}}, {{{.*}}}* }* @[[LINE_100_ALIGNMENT_ASSUMPTION]] to i8*), i64 %[[PTRINT_DUP]], i64 2147483648, i64 0){{.*}}, !nosanitize
// CHECK-SANITIZE-TRAP-NEXT: call void @llvm.trap(){{.*}}, !nosanitize
// CHECK-SANITIZE-UNREACHABLE-NEXT: unreachable, !nosanitize
// CHECK-SANITIZE: [[CONT]]:
// CHECK-NEXT: call void @llvm.assume(i1 %[[MASKCOND]])
// CHECK-NEXT: ret i8** %[[A]]
// CHECK-NEXT: }
#line 100
return x->a;
}

test/CodeGen/catch-alignment-assumption-attribute-align_value-on-paramvar.cpp

// RUN: %clang_cc1 -emit-llvm %s -o - -triple x86_64-linux-gnu | FileCheck %s --check-prefixes=CHECK,CHECK-NOSANITIZE
// RUN: %clang_cc1 -fsanitize=alignment -fno-sanitize-recover=alignment -emit-llvm %s -o - -triple x86_64-linux-gnu | FileCheck %s -implicit-check-not="call void @__ubsan_handle_alignment_assumption" --check-prefixes=CHECK,CHECK-SANITIZE,CHECK-SANITIZE-ANYRECOVER,CHECK-SANITIZE-NORECOVER,CHECK-SANITIZE-UNREACHABLE
// RUN: %clang_cc1 -fsanitize=alignment -fsanitize-recover=alignment -emit-llvm %s -o - -triple x86_64-linux-gnu | FileCheck %s -implicit-check-not="call void @__ubsan_handle_alignment_assumption" --check-prefixes=CHECK,CHECK-SANITIZE,CHECK-SANITIZE-ANYRECOVER,CHECK-SANITIZE-RECOVER
// RUN: %clang_cc1 -fsanitize=alignment -fsanitize-trap=alignment -emit-llvm %s -o - -triple x86_64-linux-gnu | FileCheck %s -implicit-check-not="call void @__ubsan_handle_alignment_assumption" --check-prefixes=CHECK,CHECK-SANITIZE,CHECK-SANITIZE-TRAP,CHECK-SANITIZE-UNREACHABLE
// CHECK-SANITIZE-ANYRECOVER: @[[CHAR:.*]] = {{.*}} c"'char **'\00" }
// CHECK-SANITIZE-ANYRECOVER: @[[LINE_100_ALIGNMENT_ASSUMPTION:.*]] = {{.*}}, i32 100, i32 10 }, {{.*}}* @[[CHAR]] }
char **passthrough(__attribute__((align_value(0x80000000))) char **x) {
// CHECK-NOSANITIZE: define i8** @{{.*}}(i8** align 536870912 %[[X:.*]])
// CHECK-SANITIZE: define i8** @{{.*}}(i8** %[[X:.*]])
// CHECK-NEXT: [[entry:.*]]:
// CHECK-NEXT: %[[X_ADDR:.*]] = alloca i8**, align 8
// CHECK-NEXT: store i8** %[[X]], i8*** %[[X_ADDR]], align 8
// CHECK-NEXT: %[[X_RELOADED:.*]] = load i8**, i8*** %[[X_ADDR]], align 8
// CHECK-SANITIZE-NEXT: %[[PTRINT:.*]] = ptrtoint i8** %[[X_RELOADED]] to i64
// CHECK-SANITIZE-NEXT: %[[MASKEDPTR:.*]] = and i64 %[[PTRINT]], 2147483647
// CHECK-SANITIZE-NEXT: %[[MASKCOND:.*]] = icmp eq i64 %[[MASKEDPTR]], 0
// CHECK-SANITIZE-NEXT: %[[PTRINT_DUP:.*]] = ptrtoint i8** %[[X_RELOADED]] to i64, !nosanitize
// CHECK-SANITIZE-NEXT: br i1 %[[MASKCOND]], label %[[CONT:.*]], label %[[HANDLER_ALIGNMENT_ASSUMPTION:[^,]+]],{{.*}} !nosanitize
// CHECK-SANITIZE: [[HANDLER_ALIGNMENT_ASSUMPTION]]:
// CHECK-SANITIZE-NORECOVER-NEXT: call void @__ubsan_handle_alignment_assumption_abort(i8* bitcast ({ {{{.*}}}, {{{.*}}}, {{{.*}}}* }* @[[LINE_100_ALIGNMENT_ASSUMPTION]] to i8*), i64 %[[PTRINT_DUP]], i64 2147483648, i64 0){{.*}}, !nosanitize
// CHECK-SANITIZE-RECOVER-NEXT: call void @__ubsan_handle_alignment_assumption(i8* bitcast ({ {{{.*}}}, {{{.*}}}, {{{.*}}}* }* @[[LINE_100_ALIGNMENT_ASSUMPTION]] to i8*), i64 %[[PTRINT_DUP]], i64 2147483648, i64 0){{.*}}, !nosanitize
// CHECK-SANITIZE-TRAP-NEXT: call void @llvm.trap(){{.*}}, !nosanitize
// CHECK-SANITIZE-UNREACHABLE-NEXT: unreachable, !nosanitize
// CHECK-SANITIZE: [[CONT]]:
// CHECK-SANITIZE-NEXT: call void @llvm.assume(i1 %[[MASKCOND]])
// CHECK-NEXT: ret i8** %[[X_RELOADED]]
// CHECK-NEXT: }
#line 100
return x;
}

test/CodeGen/catch-alignment-assumption-attribute-alloc_align-on-function-variable.cpp

// RUN: %clang_cc1 -emit-llvm %s -o - -triple x86_64-linux-gnu | FileCheck %s --check-prefixes=CHECK,CHECK-NOSANITIZE
// RUN: %clang_cc1 -fsanitize=alignment -fno-sanitize-recover=alignment -emit-llvm %s -o - -triple x86_64-linux-gnu | FileCheck %s -implicit-check-not="call void @__ubsan_handle_alignment_assumption" --check-prefixes=CHECK,CHECK-SANITIZE,CHECK-SANITIZE-ANYRECOVER,CHECK-SANITIZE-NORECOVER,CHECK-SANITIZE-UNREACHABLE
// RUN: %clang_cc1 -fsanitize=alignment -fsanitize-recover=alignment -emit-llvm %s -o - -triple x86_64-linux-gnu | FileCheck %s -implicit-check-not="call void @__ubsan_handle_alignment_assumption" --check-prefixes=CHECK,CHECK-SANITIZE,CHECK-SANITIZE-ANYRECOVER,CHECK-SANITIZE-RECOVER
// RUN: %clang_cc1 -fsanitize=alignment -fsanitize-trap=alignment -emit-llvm %s -o - -triple x86_64-linux-gnu | FileCheck %s -implicit-check-not="call void @__ubsan_handle_alignment_assumption" --check-prefixes=CHECK,CHECK-SANITIZE,CHECK-SANITIZE-TRAP,CHECK-SANITIZE-UNREACHABLE
// CHECK-SANITIZE-ANYRECOVER: @[[CHAR:.*]] = {{.*}} c"'char **'\00" }
// CHECK-SANITIZE-ANYRECOVER: @[[LINE_100_ALIGNMENT_ASSUMPTION:.*]] = {{.*}}, i32 100, i32 10 }, {{.*}}* @[[CHAR]] }
char **__attribute__((alloc_align(2)))
passthrough(char **x, unsigned long alignment) {
// CHECK: define i8** @[[PASSTHROUGH:.*]](i8** %[[X:.*]], i64 %[[ALIGNMENT:.*]])
// CHECK-NEXT: entry:
// CHECK-NEXT: %[[X_ADDR:.*]] = alloca i8**, align 8
// CHECK-NEXT: %[[ALIGNMENT_ADDR:.*]] = alloca i64, align 8
// CHECK-NEXT: store i8** %[[X]], i8*** %[[X_ADDR]], align 8
// CHECK-NEXT: store i64 %[[ALIGNMENT]], i64* %[[ALIGNMENT_ADDR]], align 8
// CHECK-NEXT: %[[X_RELOADED:.*]] = load i8**, i8*** %[[X_ADDR]], align 8
// CHECK-NEXT: ret i8** %[[X_RELOADED]]
// CHECK-NEXT: }
return x;
}
char **caller(char **x, unsigned long alignment) {
// CHECK: define i8** @{{.*}}(i8** %[[X:.*]], i64 %[[ALIGNMENT:.*]])
// CHECK-NEXT: entry:
// CHECK-NEXT: %[[X_ADDR:.*]] = alloca i8**, align 8
// CHECK-NEXT: %[[ALIGNMENT_ADDR:.*]] = alloca i64, align 8
// CHECK-NEXT: store i8** %[[X]], i8*** %[[X_ADDR]], align 8
// CHECK-NEXT: store i64 %[[ALIGNMENT]], i64* %[[ALIGNMENT_ADDR]], align 8
// CHECK-NEXT: %[[X_RELOADED:.*]] = load i8**, i8*** %[[X_ADDR]], align 8
// CHECK-NEXT: %[[ALIGNMENT_RELOADED:.*]] = load i64, i64* %[[ALIGNMENT_ADDR]], align 8
// CHECK-NEXT: %[[X_RETURNED:.*]] = call i8** @[[PASSTHROUGH]](i8** %[[X_RELOADED]], i64 %[[ALIGNMENT_RELOADED]])
// CHECK-NEXT: %[[ISPOSITIVE:.*]] = icmp sgt i64 %[[ALIGNMENT_RELOADED]], 0
// CHECK-NEXT: %[[POSITIVEMASK:.*]] = sub i64 %[[ALIGNMENT_RELOADED]], 1
// CHECK-NEXT: %[[MASK:.*]] = select i1 %[[ISPOSITIVE]], i64 %[[POSITIVEMASK]], i64 0
// CHECK-NEXT: %[[PTRINT:.*]] = ptrtoint i8** %[[X_RETURNED]] to i64
// CHECK-NEXT: %[[MASKEDPTR:.*]] = and i64 %[[PTRINT]], %[[MASK]]
// CHECK-NEXT: %[[MASKCOND:.*]] = icmp eq i64 %[[MASKEDPTR]], 0
// CHECK-SANITIZE-NEXT: %[[PTRINT_DUP:.*]] = ptrtoint i8** %[[X_RETURNED]] to i64, !nosanitize
// CHECK-SANITIZE-NEXT: br i1 %[[MASKCOND]], label %[[CONT:.*]], label %[[HANDLER_ALIGNMENT_ASSUMPTION:[^,]+]],{{.*}} !nosanitize
// CHECK-SANITIZE: [[HANDLER_ALIGNMENT_ASSUMPTION]]:
// CHECK-SANITIZE-NORECOVER-NEXT: call void @__ubsan_handle_alignment_assumption_abort(i8* bitcast ({ {{{.*}}}, {{{.*}}}, {{{.*}}}* }* @[[LINE_100_ALIGNMENT_ASSUMPTION]] to i8*), i64 %[[PTRINT_DUP]], i64 %[[ALIGNMENT_RELOADED]], i64 0){{.*}}, !nosanitize
// CHECK-SANITIZE-RECOVER-NEXT: call void @__ubsan_handle_alignment_assumption(i8* bitcast ({ {{{.*}}}, {{{.*}}}, {{{.*}}}* }* @[[LINE_100_ALIGNMENT_ASSUMPTION]] to i8*), i64 %[[PTRINT_DUP]], i64 %[[ALIGNMENT_RELOADED]], i64 0){{.*}}, !nosanitize
// CHECK-SANITIZE-TRAP-NEXT: call void @llvm.trap(){{.*}}, !nosanitize
// CHECK-SANITIZE-UNREACHABLE-NEXT: unreachable, !nosanitize
// CHECK-SANITIZE: [[CONT]]:
// CHECK-NEXT: call void @llvm.assume(i1 %[[MASKCOND]])
// CHECK-NEXT: ret i8** %[[X_RETURNED]]
// CHECK-NEXT: }
#line 100
return passthrough(x, alignment);
}

test/CodeGen/catch-alignment-assumption-attribute-alloc_align-on-function.cpp

// RUN: %clang_cc1 -emit-llvm %s -o - -triple x86_64-linux-gnu | FileCheck %s --check-prefixes=CHECK,CHECK-NOSANITIZE
// RUN: %clang_cc1 -fsanitize=alignment -fno-sanitize-recover=alignment -emit-llvm %s -o - -triple x86_64-linux-gnu | FileCheck %s -implicit-check-not="call void @__ubsan_handle_alignment_assumption" --check-prefixes=CHECK,CHECK-SANITIZE,CHECK-SANITIZE-ANYRECOVER,CHECK-SANITIZE-NORECOVER,CHECK-SANITIZE-UNREACHABLE
// RUN: %clang_cc1 -fsanitize=alignment -fsanitize-recover=alignment -emit-llvm %s -o - -triple x86_64-linux-gnu | FileCheck %s -implicit-check-not="call void @__ubsan_handle_alignment_assumption" --check-prefixes=CHECK,CHECK-SANITIZE,CHECK-SANITIZE-ANYRECOVER,CHECK-SANITIZE-RECOVER
// RUN: %clang_cc1 -fsanitize=alignment -fsanitize-trap=alignment -emit-llvm %s -o - -triple x86_64-linux-gnu | FileCheck %s -implicit-check-not="call void @__ubsan_handle_alignment_assumption" --check-prefixes=CHECK,CHECK-SANITIZE,CHECK-SANITIZE-TRAP,CHECK-SANITIZE-UNREACHABLE
// CHECK-SANITIZE-ANYRECOVER: @[[CHAR:.*]] = {{.*}} c"'char **'\00" }
// CHECK-SANITIZE-ANYRECOVER: @[[LINE_100_ALIGNMENT_ASSUMPTION:.*]] = {{.*}}, i32 100, i32 10 }, {{.*}}* @[[CHAR]] }
char **__attribute__((alloc_align(2)))
passthrough(char **x, unsigned long alignment) {
// CHECK: define i8** @[[PASSTHROUGH:.*]](i8** %[[X:.*]], i64 %[[ALIGNMENT:.*]])
// CHECK-NEXT: entry:
// CHECK-NEXT: %[[X_ADDR:.*]] = alloca i8**, align 8
// CHECK-NEXT: %[[ALIGNMENT_ADDR:.*]] = alloca i64, align 8
// CHECK-NEXT: store i8** %[[X]], i8*** %[[X_ADDR]], align 8
// CHECK-NEXT: store i64 %[[ALIGNMENT]], i64* %[[ALIGNMENT_ADDR]], align 8
// CHECK-NEXT: %[[X_RELOADED:.*]] = load i8**, i8*** %[[X_ADDR]], align 8
// CHECK-NEXT: ret i8** %[[X_RELOADED]]
// CHECK-NEXT: }
return x;
}
char **caller(char **x) {
// CHECK: define i8** @{{.*}}(i8** %[[X:.*]])
// CHECK-NEXT: entry:
// CHECK-NEXT: %[[X_ADDR:.*]] = alloca i8**, align 8
// CHECK-NEXT: store i8** %[[X]], i8*** %[[X_ADDR]], align 8
// CHECK-NEXT: %[[X_RELOADED:.*]] = load i8**, i8*** %[[X_ADDR]], align 8
// CHECK-NEXT: %[[X_RETURNED:.*]] = call i8** @[[PASSTHROUGH]](i8** %[[X_RELOADED]], i64 2147483648)
// CHECK-NEXT: %[[PTRINT:.*]] = ptrtoint i8** %[[X_RETURNED]] to i64
// CHECK-NEXT: %[[MASKEDPTR:.*]] = and i64 %[[PTRINT]], 2147483647
// CHECK-NEXT: %[[MASKCOND:.*]] = icmp eq i64 %[[MASKEDPTR]], 0
// CHECK-SANITIZE-NEXT: %[[PTRINT_DUP:.*]] = ptrtoint i8** %[[X_RETURNED]] to i64, !nosanitize
// CHECK-SANITIZE-NEXT: br i1 %[[MASKCOND]], label %[[CONT:.*]], label %[[HANDLER_ALIGNMENT_ASSUMPTION:[^,]+]],{{.*}} !nosanitize
// CHECK-SANITIZE: [[HANDLER_ALIGNMENT_ASSUMPTION]]:
// CHECK-SANITIZE-NORECOVER-NEXT: call void @__ubsan_handle_alignment_assumption_abort(i8* bitcast ({ {{{.*}}}, {{{.*}}}, {{{.*}}}* }* @[[LINE_100_ALIGNMENT_ASSUMPTION]] to i8*), i64 %[[PTRINT_DUP]], i64 2147483648, i64 0){{.*}}, !nosanitize
// CHECK-SANITIZE-RECOVER-NEXT: call void @__ubsan_handle_alignment_assumption(i8* bitcast ({ {{{.*}}}, {{{.*}}}, {{{.*}}}* }* @[[LINE_100_ALIGNMENT_ASSUMPTION]] to i8*), i64 %[[PTRINT_DUP]], i64 2147483648, i64 0){{.*}}, !nosanitize
// CHECK-SANITIZE-TRAP-NEXT: call void @llvm.trap(){{.*}}, !nosanitize
// CHECK-SANITIZE-UNREACHABLE-NEXT: unreachable, !nosanitize
// CHECK-SANITIZE: [[CONT]]:
// CHECK-NEXT: call void @llvm.assume(i1 %[[MASKCOND]])
// CHECK-NEXT: ret i8** %[[X_RETURNED]]
// CHECK-NEXT: }
#line 100
return passthrough(x, 0x80000000);
}

test/CodeGen/catch-alignment-assumption-attribute-assume_aligned-on-function-two-params.cpp

// RUN: %clang_cc1 -emit-llvm %s -o - -triple x86_64-linux-gnu | FileCheck %s --check-prefixes=CHECK,CHECK-NOSANITIZE
// RUN: %clang_cc1 -fsanitize=alignment -fno-sanitize-recover=alignment -emit-llvm %s -o - -triple x86_64-linux-gnu | FileCheck %s -implicit-check-not="call void @__ubsan_handle_alignment_assumption" --check-prefixes=CHECK,CHECK-SANITIZE,CHECK-SANITIZE-ANYRECOVER,CHECK-SANITIZE-NORECOVER,CHECK-SANITIZE-UNREACHABLE
// RUN: %clang_cc1 -fsanitize=alignment -fsanitize-recover=alignment -emit-llvm %s -o - -triple x86_64-linux-gnu | FileCheck %s -implicit-check-not="call void @__ubsan_handle_alignment_assumption" --check-prefixes=CHECK,CHECK-SANITIZE,CHECK-SANITIZE-ANYRECOVER,CHECK-SANITIZE-RECOVER
// RUN: %clang_cc1 -fsanitize=alignment -fsanitize-trap=alignment -emit-llvm %s -o - -triple x86_64-linux-gnu | FileCheck %s -implicit-check-not="call void @__ubsan_handle_alignment_assumption" --check-prefixes=CHECK,CHECK-SANITIZE,CHECK-SANITIZE-TRAP,CHECK-SANITIZE-UNREACHABLE
// CHECK-SANITIZE-ANYRECOVER: @[[CHAR:.*]] = {{.*}} c"'char **'\00" }
// CHECK-SANITIZE-ANYRECOVER: @[[LINE_100_ALIGNMENT_ASSUMPTION:.*]] = {{.*}}, i32 100, i32 10 }, {{.*}}* @[[CHAR]] }
char **__attribute__((assume_aligned(0x80000000, 42))) passthrough(char **x) {
// CHECK: define i8** @[[PASSTHROUGH:.*]](i8** %[[X:.*]])
// CHECK-NEXT: entry:
// CHECK-NEXT: %[[X_ADDR:.*]] = alloca i8**, align 8
// CHECK-NEXT: store i8** %[[X]], i8*** %[[X_ADDR]], align 8
// CHECK-NEXT: %[[X_RELOADED:.*]] = load i8**, i8*** %[[X_ADDR]], align 8
// CHECK-NEXT: ret i8** %[[X_RELOADED]]
// CHECK-NEXT: }
return x;
}
char **caller(char **x) {
// CHECK: define i8** @{{.*}}(i8** %[[X:.*]])
// CHECK-NEXT: entry:
// CHECK-NEXT: %[[X_ADDR:.*]] = alloca i8**, align 8
// CHECK-NEXT: store i8** %[[X]], i8*** %[[X_ADDR]], align 8
// CHECK-NEXT: %[[X_RELOADED:.*]] = load i8**, i8*** %[[X_ADDR]], align 8
// CHECK-NEXT: %[[X_RETURNED:.*]] = call i8** @[[PASSTHROUGH]](i8** %[[X_RELOADED]])
// CHECK-NEXT: %[[PTRINT:.*]] = ptrtoint i8** %[[X_RETURNED]] to i64
// CHECK-NEXT: %[[OFFSETPTR:.*]] = sub i64 %[[PTRINT]], 42
// CHECK-NEXT: %[[MASKEDPTR:.*]] = and i64 %[[OFFSETPTR]], 2147483647
// CHECK-NEXT: %[[MASKCOND:.*]] = icmp eq i64 %[[MASKEDPTR]], 0
// CHECK-SANITIZE-NEXT: %[[PTRINT_DUP:.*]] = ptrtoint i8** %[[X_RETURNED]] to i64, !nosanitize
// CHECK-SANITIZE-NEXT: br i1 %[[MASKCOND]], label %[[CONT:.*]], label %[[HANDLER_ALIGNMENT_ASSUMPTION:[^,]+]],{{.*}} !nosanitize
// CHECK-SANITIZE: [[HANDLER_ALIGNMENT_ASSUMPTION]]:
// CHECK-SANITIZE-NORECOVER-NEXT: call void @__ubsan_handle_alignment_assumption_abort(i8* bitcast ({ {{{.*}}}, {{{.*}}}, {{{.*}}}* }* @[[LINE_100_ALIGNMENT_ASSUMPTION]] to i8*), i64 %[[PTRINT_DUP]], i64 2147483648, i64 42){{.*}}, !nosanitize
// CHECK-SANITIZE-RECOVER-NEXT: call void @__ubsan_handle_alignment_assumption(i8* bitcast ({ {{{.*}}}, {{{.*}}}, {{{.*}}}* }* @[[LINE_100_ALIGNMENT_ASSUMPTION]] to i8*), i64 %[[PTRINT_DUP]], i64 2147483648, i64 42){{.*}}, !nosanitize
// CHECK-SANITIZE-TRAP-NEXT: call void @llvm.trap(){{.*}}, !nosanitize
// CHECK-SANITIZE-UNREACHABLE-NEXT: unreachable, !nosanitize
// CHECK-SANITIZE: [[CONT]]:
// CHECK-NEXT: call void @llvm.assume(i1 %[[MASKCOND]])
// CHECK-NEXT: ret i8** %[[X_RETURNED]]
// CHECK-NEXT: }
#line 100
return passthrough(x);
}

test/CodeGen/catch-alignment-assumption-attribute-assume_aligned-on-function.cpp

// RUN: %clang_cc1 -emit-llvm %s -o - -triple x86_64-linux-gnu | FileCheck %s --check-prefixes=CHECK,CHECK-NOSANITIZE
// RUN: %clang_cc1 -fsanitize=alignment -fno-sanitize-recover=alignment -emit-llvm %s -o - -triple x86_64-linux-gnu | FileCheck %s -implicit-check-not="call void @__ubsan_handle_alignment_assumption" --check-prefixes=CHECK,CHECK-SANITIZE,CHECK-SANITIZE-ANYRECOVER,CHECK-SANITIZE-NORECOVER,CHECK-SANITIZE-UNREACHABLE
// RUN: %clang_cc1 -fsanitize=alignment -fsanitize-recover=alignment -emit-llvm %s -o - -triple x86_64-linux-gnu | FileCheck %s -implicit-check-not="call void @__ubsan_handle_alignment_assumption" --check-prefixes=CHECK,CHECK-SANITIZE,CHECK-SANITIZE-ANYRECOVER,CHECK-SANITIZE-RECOVER
// RUN: %clang_cc1 -fsanitize=alignment -fsanitize-trap=alignment -emit-llvm %s -o - -triple x86_64-linux-gnu | FileCheck %s -implicit-check-not="call void @__ubsan_handle_alignment_assumption" --check-prefixes=CHECK,CHECK-SANITIZE,CHECK-SANITIZE-TRAP,CHECK-SANITIZE-UNREACHABLE
// CHECK-SANITIZE-ANYRECOVER: @[[CHAR:.*]] = {{.*}} c"'char **'\00" }
// CHECK-SANITIZE-ANYRECOVER: @[[LINE_100_ALIGNMENT_ASSUMPTION:.*]] = {{.*}}, i32 100, i32 10 }, {{.*}}* @[[CHAR]] }
char **__attribute__((assume_aligned(0x80000000))) passthrough(char **x) {
// CHECK: define i8** @[[PASSTHROUGH:.*]](i8** %[[X:.*]])
// CHECK-NEXT: entry:
// CHECK-NEXT: %[[X_ADDR:.*]] = alloca i8**, align 8
// CHECK-NEXT: store i8** %[[X]], i8*** %[[X_ADDR]], align 8
// CHECK-NEXT: %[[X_RELOADED:.*]] = load i8**, i8*** %[[X_ADDR]], align 8
// CHECK-NEXT: ret i8** %[[X_RELOADED]]
// CHECK-NEXT: }
return x;
}
char **caller(char **x) {
// CHECK: define i8** @{{.*}}(i8** %[[X]])
// CHECK-NEXT: entry:
// CHECK-NEXT: %[[X_ADDR]] = alloca i8**, align 8
// CHECK-NEXT: store i8** %[[X]], i8*** %[[X_ADDR]], align 8
// CHECK-NEXT: %[[X_RELOADED:.*]] = load i8**, i8*** %[[X_ADDR]], align 8
// CHECK-NEXT: %[[X_RETURNED:.*]] = call i8** @[[PASSTHROUGH]](i8** %[[X_RELOADED]])
// CHECK-NEXT: %[[PTRINT:.*]] = ptrtoint i8** %[[X_RETURNED]] to i64
// CHECK-NEXT: %[[MASKEDPTR:.*]] = and i64 %[[PTRINT]], 2147483647
// CHECK-NEXT: %[[MASKCOND:.*]] = icmp eq i64 %[[MASKEDPTR]], 0
// CHECK-SANITIZE-NEXT: %[[PTRINT_DUP:.*]] = ptrtoint i8** %[[X_RETURNED]] to i64, !nosanitize
// CHECK-SANITIZE-NEXT: br i1 %[[MASKCOND]], label %[[CONT:.*]], label %[[HANDLER_ALIGNMENT_ASSUMPTION:[^,]+]],{{.*}} !nosanitize
// CHECK-SANITIZE: [[HANDLER_ALIGNMENT_ASSUMPTION]]:
// CHECK-SANITIZE-NORECOVER-NEXT: call void @__ubsan_handle_alignment_assumption_abort(i8* bitcast ({ {{{.*}}}, {{{.*}}}, {{{.*}}}* }* @[[LINE_100_ALIGNMENT_ASSUMPTION]] to i8*), i64 %[[PTRINT_DUP]], i64 2147483648, i64 0){{.*}}, !nosanitize
// CHECK-SANITIZE-RECOVER-NEXT: call void @__ubsan_handle_alignment_assumption(i8* bitcast ({ {{{.*}}}, {{{.*}}}, {{{.*}}}* }* @[[LINE_100_ALIGNMENT_ASSUMPTION]] to i8*), i64 %[[PTRINT_DUP]], i64 2147483648, i64 0){{.*}}, !nosanitize
// CHECK-SANITIZE-TRAP-NEXT: call void @llvm.trap(){{.*}}, !nosanitize
// CHECK-SANITIZE-UNREACHABLE-NEXT: unreachable, !nosanitize
// CHECK-SANITIZE: [[CONT]]:
// CHECK-NEXT: call void @llvm.assume(i1 %[[MASKCOND]])
// CHECK-NEXT: ret i8** %[[X_RETURNED]]
// CHECK-NEXT: }
#line 100
return passthrough(x);
}

test/CodeGen/catch-alignment-assumption-blacklist.c

// RUN: %clang_cc1 -fsanitize=alignment -fsanitize-recover=alignment -emit-llvm %s -o - -triple x86_64-linux-gnu | FileCheck %s -implicit-check-not="call void @__ubsan_handle_alignment_assumption" --check-prefixes=CHECK
// CHECK-LABEL: @baseline
void *baseline(void *x) {
// CHECK: call void @__ubsan_handle_alignment_assumption(
return __builtin_assume_aligned(x, 1);
}
// CHECK-LABEL: blacklist_0
__attribute__((no_sanitize("undefined"))) void *blacklist_0(void *x) {
return __builtin_assume_aligned(x, 1);
}
// CHECK-LABEL: blacklist_1
__attribute__((no_sanitize("alignment"))) void *blacklist_1(void *x) {
return __builtin_assume_aligned(x, 1);
}
// CHECK-LABEL: dont_ignore_volatile_ptrs
void *dont_ignore_volatile_ptrs(void * volatile x) {
// CHECK: call void @__ubsan_handle_alignment_assumption(
return __builtin_assume_aligned(x, 1);
}
// CHECK-LABEL: ignore_volatiles
void *ignore_volatiles(volatile void * x) {
return __builtin_assume_aligned(x, 1);
}

test/CodeGen/catch-alignment-assumption-builtin_assume_aligned-three-params-variable.cpp

// RUN: %clang_cc1 -emit-llvm %s -o - -triple x86_64-linux-gnu | FileCheck %s --check-prefixes=CHECK,CHECK-NOSANITIZE
// RUN: %clang_cc1 -fsanitize=alignment -fno-sanitize-recover=alignment -emit-llvm %s -o - -triple x86_64-linux-gnu | FileCheck %s -implicit-check-not="call void @__ubsan_handle_alignment_assumption" --check-prefixes=CHECK,CHECK-SANITIZE,CHECK-SANITIZE-ANYRECOVER,CHECK-SANITIZE-NORECOVER,CHECK-SANITIZE-UNREACHABLE
// RUN: %clang_cc1 -fsanitize=alignment -fsanitize-recover=alignment -emit-llvm %s -o - -triple x86_64-linux-gnu | FileCheck %s -implicit-check-not="call void @__ubsan_handle_alignment_assumption" --check-prefixes=CHECK,CHECK-SANITIZE,CHECK-SANITIZE-ANYRECOVER,CHECK-SANITIZE-RECOVER
// RUN: %clang_cc1 -fsanitize=alignment -fsanitize-trap=alignment -emit-llvm %s -o - -triple x86_64-linux-gnu | FileCheck %s -implicit-check-not="call void @__ubsan_handle_alignment_assumption" --check-prefixes=CHECK,CHECK-SANITIZE,CHECK-SANITIZE-TRAP,CHECK-SANITIZE-UNREACHABLE
// CHECK-SANITIZE-ANYRECOVER: @[[CHAR:.*]] = {{.*}} c"'char **'\00" }
// CHECK-SANITIZE-ANYRECOVER: @[[LINE_100_ALIGNMENT_ASSUMPTION:.*]] = {{.*}}, i32 100, i32 35 }, {{.*}}* @[[CHAR]] }
void *caller(char **x, unsigned long offset) {
// CHECK: define i8* @{{.*}}(i8** %[[X:.*]], i64 %[[OFFSET:.*]])
// CHECK-NEXT: entry:
// CHECK-NEXT: %[[X_ADDR:.*]] = alloca i8**, align 8
// CHECK-NEXT: %[[OFFSET_ADDR:.*]] = alloca i64, align 8
// CHECK-NEXT: store i8** %[[X]], i8*** %[[X_ADDR]], align 8
// CHECK-NEXT: store i64 %[[OFFSET]], i64* %[[OFFSET_ADDR]], align 8
// CHECK-NEXT: %[[X_RELOADED:.*]] = load i8**, i8*** %[[X_ADDR]], align 8
// CHECK-NEXT: %[[BITCAST:.*]] = bitcast i8** %[[X_RELOADED]] to i8*
// CHECK-NEXT: %[[OFFSET_RELOADED:.*]] = load i64, i64* %[[OFFSET_ADDR]], align 8
// CHECK-NEXT: %[[PTRINT:.*]] = ptrtoint i8* %[[BITCAST]] to i64
// CHECK-NEXT: %[[OFFSETPTR:.*]] = sub i64 %[[PTRINT]], %[[OFFSET_RELOADED]]
// CHECK-NEXT: %[[MASKEDPTR:.*]] = and i64 %[[OFFSETPTR]], 2147483647
// CHECK-NEXT: %[[MASKCOND:.*]] = icmp eq i64 %[[MASKEDPTR]], 0
// CHECK-SANITIZE-NEXT: %[[PTRINT_DUP:.*]] = ptrtoint i8* %[[BITCAST]] to i64, !nosanitize
// CHECK-SANITIZE-NEXT: br i1 %[[MASKCOND]], label %[[CONT:.*]], label %[[HANDLER_ALIGNMENT_ASSUMPTION:[^,]+]],{{.*}} !nosanitize
// CHECK-SANITIZE: [[HANDLER_ALIGNMENT_ASSUMPTION]]:
// CHECK-SANITIZE-NORECOVER-NEXT: call void @__ubsan_handle_alignment_assumption_abort(i8* bitcast ({ {{{.*}}}, {{{.*}}}, {{{.*}}}* }* @[[LINE_100_ALIGNMENT_ASSUMPTION]] to i8*), i64 %[[PTRINT_DUP]], i64 2147483648, i64 %[[OFFSET_RELOADED]]){{.*}}, !nosanitize
// CHECK-SANITIZE-RECOVER-NEXT: call void @__ubsan_handle_alignment_assumption(i8* bitcast ({ {{{.*}}}, {{{.*}}}, {{{.*}}}* }* @[[LINE_100_ALIGNMENT_ASSUMPTION]] to i8*), i64 %[[PTRINT_DUP]], i64 2147483648, i64 %[[OFFSET_RELOADED]]){{.*}}, !nosanitize
// CHECK-SANITIZE-TRAP-NEXT: call void @llvm.trap(){{.*}}, !nosanitize
// CHECK-SANITIZE-UNREACHABLE-NEXT: unreachable, !nosanitize
// CHECK-SANITIZE: [[CONT]]:
// CHECK-NEXT: call void @llvm.assume(i1 %[[MASKCOND]])
// CHECK-NEXT: ret i8* %[[BITCAST]]
// CHECK-NEXT: }
#line 100
return __builtin_assume_aligned(x, 0x80000000, offset);
}

test/CodeGen/catch-alignment-assumption-builtin_assume_aligned-three-params.cpp

// RUN: %clang_cc1 -emit-llvm %s -o - -triple x86_64-linux-gnu | FileCheck %s --check-prefixes=CHECK,CHECK-NOSANITIZE
// RUN: %clang_cc1 -fsanitize=alignment -fno-sanitize-recover=alignment -emit-llvm %s -o - -triple x86_64-linux-gnu | FileCheck %s -implicit-check-not="call void @__ubsan_handle_alignment_assumption" --check-prefixes=CHECK,CHECK-SANITIZE,CHECK-SANITIZE-ANYRECOVER,CHECK-SANITIZE-NORECOVER,CHECK-SANITIZE-UNREACHABLE
// RUN: %clang_cc1 -fsanitize=alignment -fsanitize-recover=alignment -emit-llvm %s -o - -triple x86_64-linux-gnu | FileCheck %s -implicit-check-not="call void @__ubsan_handle_alignment_assumption" --check-prefixes=CHECK,CHECK-SANITIZE,CHECK-SANITIZE-ANYRECOVER,CHECK-SANITIZE-RECOVER
// RUN: %clang_cc1 -fsanitize=alignment -fsanitize-trap=alignment -emit-llvm %s -o - -triple x86_64-linux-gnu | FileCheck %s -implicit-check-not="call void @__ubsan_handle_alignment_assumption" --check-prefixes=CHECK,CHECK-SANITIZE,CHECK-SANITIZE-TRAP,CHECK-SANITIZE-UNREACHABLE
// CHECK-SANITIZE-ANYRECOVER: @[[CHAR:.*]] = {{.*}} c"'char **'\00" }
// CHECK-SANITIZE-ANYRECOVER: @[[LINE_100_ALIGNMENT_ASSUMPTION:.*]] = {{.*}}, i32 100, i32 35 }, {{.*}}* @[[CHAR]] }
void *caller(char **x) {
// CHECK: define i8* @{{.*}}(i8** %[[X:.*]])
// CHECK-NEXT: entry:
// CHECK-NEXT: %[[X_ADDR:.*]] = alloca i8**, align 8
// CHECK-NEXT: store i8** %[[X]], i8*** %[[X_ADDR]], align 8
// CHECK-NEXT: %[[X_RELOADED:.*]] = load i8**, i8*** %[[X_ADDR]], align 8
// CHECK-NEXT: %[[BITCAST:.*]] = bitcast i8** %[[X_RELOADED]] to i8*
// CHECK-NEXT: %[[PTRINT:.*]] = ptrtoint i8* %[[BITCAST]] to i64
// CHECK-NEXT: %[[OFFSETPTR:.*]] = sub i64 %[[PTRINT]], 42
// CHECK-NEXT: %[[MASKEDPTR:.*]] = and i64 %[[OFFSETPTR]], 2147483647
// CHECK-NEXT: %[[MASKCOND:.*]] = icmp eq i64 %[[MASKEDPTR]], 0
// CHECK-SANITIZE-NEXT: %[[PTRINT_DUP:.*]] = ptrtoint i8* %[[BITCAST]] to i64, !nosanitize
// CHECK-SANITIZE-NEXT: br i1 %[[MASKCOND]], label %[[CONT:.*]], label %[[HANDLER_ALIGNMENT_ASSUMPTION:[^,]+]],{{.*}} !nosanitize
// CHECK-SANITIZE: [[HANDLER_ALIGNMENT_ASSUMPTION]]:
// CHECK-SANITIZE-NORECOVER-NEXT: call void @__ubsan_handle_alignment_assumption_abort(i8* bitcast ({ {{{.*}}}, {{{.*}}}, {{{.*}}}* }* @[[LINE_100_ALIGNMENT_ASSUMPTION]] to i8*), i64 %[[PTRINT_DUP]], i64 2147483648, i64 42){{.*}}, !nosanitize
// CHECK-SANITIZE-RECOVER-NEXT: call void @__ubsan_handle_alignment_assumption(i8* bitcast ({ {{{.*}}}, {{{.*}}}, {{{.*}}}* }* @[[LINE_100_ALIGNMENT_ASSUMPTION]] to i8*), i64 %[[PTRINT_DUP]], i64 2147483648, i64 42){{.*}}, !nosanitize
// CHECK-SANITIZE-TRAP-NEXT: call void @llvm.trap(){{.*}}, !nosanitize
// CHECK-SANITIZE-UNREACHABLE-NEXT: unreachable, !nosanitize
// CHECK-SANITIZE: [[CONT]]:
// CHECK-NEXT: call void @llvm.assume(i1 %[[MASKCOND]])
// CHECK-NEXT: ret i8* %[[BITCAST]]
// CHECK-NEXT: }
#line 100
return __builtin_assume_aligned(x, 0x80000000, 42);
}

test/CodeGen/catch-alignment-assumption-builtin_assume_aligned-two-params.cpp

// RUN: %clang_cc1 -emit-llvm %s -o - -triple x86_64-linux-gnu | FileCheck %s --check-prefixes=CHECK,CHECK-NOSANITIZE
// RUN: %clang_cc1 -fsanitize=alignment -fno-sanitize-recover=alignment -emit-llvm %s -o - -triple x86_64-linux-gnu | FileCheck %s -implicit-check-not="call void @__ubsan_handle_alignment_assumption" --check-prefixes=CHECK,CHECK-SANITIZE,CHECK-SANITIZE-ANYRECOVER,CHECK-SANITIZE-NORECOVER,CHECK-SANITIZE-UNREACHABLE
// RUN: %clang_cc1 -fsanitize=alignment -fsanitize-recover=alignment -emit-llvm %s -o - -triple x86_64-linux-gnu | FileCheck %s -implicit-check-not="call void @__ubsan_handle_alignment_assumption" --check-prefixes=CHECK,CHECK-SANITIZE,CHECK-SANITIZE-ANYRECOVER,CHECK-SANITIZE-RECOVER
// RUN: %clang_cc1 -fsanitize=alignment -fsanitize-trap=alignment -emit-llvm %s -o - -triple x86_64-linux-gnu | FileCheck %s -implicit-check-not="call void @__ubsan_handle_alignment_assumption" --check-prefixes=CHECK,CHECK-SANITIZE,CHECK-SANITIZE-TRAP,CHECK-SANITIZE-UNREACHABLE
// CHECK-SANITIZE-ANYRECOVER: @[[CHAR:.*]] = {{.*}} c"'char **'\00" }
// CHECK-SANITIZE-ANYRECOVER: @[[LINE_100_ALIGNMENT_ASSUMPTION:.*]] = {{.*}}, i32 100, i32 35 }, {{.*}}* @[[CHAR]] }
void *caller(char **x) {
// CHECK: define i8* @{{.*}}(i8** %[[X:.*]])
// CHECK-NEXT: entry:
// CHECK-NEXT: %[[X_ADDR:.*]] = alloca i8**, align 8
// CHECK-NEXT: store i8** %[[X]], i8*** %[[X_ADDR]], align 8
// CHECK-NEXT: %[[X_RELOADED:.*]] = load i8**, i8*** %[[X_ADDR]], align 8
// CHECK-NEXT: %[[BITCAST:.*]] = bitcast i8** %[[X_RELOADED]] to i8*
// CHECK-NEXT: %[[PTRINT:.*]] = ptrtoint i8* %[[BITCAST]] to i64
// CHECK-NEXT: %[[MASKEDPTR:.*]] = and i64 %[[PTRINT]], 2147483647
// CHECK-NEXT: %[[MASKCOND:.*]] = icmp eq i64 %[[MASKEDPTR]], 0
// CHECK-SANITIZE-NEXT: %[[PTRINT_DUP:.*]] = ptrtoint i8* %[[BITCAST]] to i64, !nosanitize
// CHECK-SANITIZE-NEXT: br i1 %[[MASKCOND]], label %[[CONT:.*]], label %[[HANDLER_ALIGNMENT_ASSUMPTION:[^,]+]],{{.*}} !nosanitize
// CHECK-SANITIZE: [[HANDLER_ALIGNMENT_ASSUMPTION]]:
// CHECK-SANITIZE-NORECOVER-NEXT: call void @__ubsan_handle_alignment_assumption_abort(i8* bitcast ({ {{{.*}}}, {{{.*}}}, {{{.*}}}* }* @[[LINE_100_ALIGNMENT_ASSUMPTION]] to i8*), i64 %[[PTRINT_DUP]], i64 2147483648, i64 0){{.*}}, !nosanitize
// CHECK-SANITIZE-RECOVER-NEXT: call void @__ubsan_handle_alignment_assumption(i8* bitcast ({ {{{.*}}}, {{{.*}}}, {{{.*}}}* }* @[[LINE_100_ALIGNMENT_ASSUMPTION]] to i8*), i64 %[[PTRINT_DUP]], i64 2147483648, i64 0){{.*}}, !nosanitize
// CHECK-SANITIZE-TRAP-NEXT: call void @llvm.trap(){{.*}}, !nosanitize
// CHECK-SANITIZE-UNREACHABLE-NEXT: unreachable, !nosanitize
// CHECK-SANITIZE: [[CONT]]:
// CHECK-NEXT: call void @llvm.assume(i1 %[[MASKCOND]])
// CHECK-NEXT: ret i8* %[[BITCAST]]
// CHECK-NEXT: }
#line 100
return __builtin_assume_aligned(x, 0x80000000);
}

test/CodeGen/catch-alignment-assumption-openmp.cpp

// RUN: %clang_cc1 -fopenmp-simd -emit-llvm %s -o - -triple x86_64-linux-gnu | FileCheck %s --check-prefixes=CHECK,CHECK-NOSANITIZE
// RUN: %clang_cc1 -fopenmp-simd -fsanitize=alignment -fno-sanitize-recover=alignment -emit-llvm %s -o - -triple x86_64-linux-gnu | FileCheck %s -implicit-check-not="call void @__ubsan_handle_alignment_assumption" --check-prefixes=CHECK,CHECK-SANITIZE,CHECK-SANITIZE-ANYRECOVER,CHECK-SANITIZE-NORECOVER,CHECK-SANITIZE-UNREACHABLE
// RUN: %clang_cc1 -fopenmp-simd -fsanitize=alignment -fsanitize-recover=alignment -emit-llvm %s -o - -triple x86_64-linux-gnu | FileCheck %s -implicit-check-not="call void @__ubsan_handle_alignment_assumption" --check-prefixes=CHECK,CHECK-SANITIZE,CHECK-SANITIZE-ANYRECOVER,CHECK-SANITIZE-RECOVER
// RUN: %clang_cc1 -fopenmp-simd -fsanitize=alignment -fsanitize-trap=alignment -emit-llvm %s -o - -triple x86_64-linux-gnu | FileCheck %s -implicit-check-not="call void @__ubsan_handle_alignment_assumption" --check-prefixes=CHECK,CHECK-SANITIZE,CHECK-SANITIZE-TRAP,CHECK-SANITIZE-UNREACHABLE
// CHECK-SANITIZE-ANYRECOVER: @[[CHAR:.*]] = {{.*}} c"'char *'\00" }
// CHECK-SANITIZE-ANYRECOVER: @[[LINE_100_ALIGNMENT_ASSUMPTION:.*]] = {{.*}}, i32 100, i32 30 }, {{.*}}* @[[CHAR]] }
void func(char *data) {
// CHECK: define void @{{.*}}(i8* %[[DATA:.*]])
// CHECK-NEXT: [[ENTRY:.*]]:
// CHECK-NEXT: %[[DATA_ADDR:.*]] = alloca i8*, align 8
// CHECK: store i8* %[[DATA]], i8** %[[DATA_ADDR]], align 8
// CHECK: %[[DATA_RELOADED:.*]] = load i8*, i8** %[[DATA_ADDR]], align 8
// CHECK-NEXT: %[[PTRINT:.*]] = ptrtoint i8* %[[DATA_RELOADED]] to i64
// CHECK-NEXT: %[[MASKEDPTR:.*]] = and i64 %[[PTRINT]], 1073741823
// CHECK-NEXT: %[[MASKCOND:.*]] = icmp eq i64 %[[MASKEDPTR]], 0
// CHECK-SANITIZE-NEXT: %[[PTRINT_DUP:.*]] = ptrtoint i8* %[[DATA_RELOADED]] to i64, !nosanitize
// CHECK-SANITIZE-NEXT: br i1 %[[MASKCOND]], label %[[CONT:.*]], label %[[HANDLER_ALIGNMENT_ASSUMPTION:[^,]+]],{{.*}} !nosanitize
// CHECK-SANITIZE: [[HANDLER_ALIGNMENT_ASSUMPTION]]:
// CHECK-SANITIZE-NORECOVER-NEXT: call void @__ubsan_handle_alignment_assumption_abort(i8* bitcast ({ {{{.*}}}, {{{.*}}}, {{{.*}}}* }* @[[LINE_100_ALIGNMENT_ASSUMPTION]] to i8*), i64 %[[PTRINT_DUP]], i64 1073741824, i64 0){{.*}}, !nosanitize
// CHECK-SANITIZE-RECOVER-NEXT: call void @__ubsan_handle_alignment_assumption(i8* bitcast ({ {{{.*}}}, {{{.*}}}, {{{.*}}}* }* @[[LINE_100_ALIGNMENT_ASSUMPTION]] to i8*), i64 %[[PTRINT_DUP]], i64 1073741824, i64 0){{.*}}, !nosanitize
// CHECK-SANITIZE-TRAP-NEXT: call void @llvm.trap(){{.*}}, !nosanitize
// CHECK-SANITIZE-UNREACHABLE-NEXT: unreachable, !nosanitize
// CHECK-SANITIZE: [[CONT]]:
// CHECK-NEXT: call void @llvm.assume(i1 %[[MASKCOND]])
#line 100
#pragma omp for simd aligned(data : 0x40000000)
for (int x = 0; x < 1; x++)
data[x] = data[x];
}