This is an archive of the discontinued LLVM Phabricator instance.

Paths

Table of Contentst

-
compiler-rt/trunk/
-
trunk/
-
lib/ubsan/
-
ubsan/
-
ubsan_flags.inc
-
ubsan_handlers.cc
-
test/ubsan/TestCases/Integer/
-
ubsan/
-
TestCases/
-
Integer/
-
no-recover.cpp

Differential D54771

[compiler-rt][UBSan] silence_unsigned_overflow: do NOT ignore fatal unsigned overflows
ClosedPublic

Authored by lebedev.ri on Nov 20 2018, 1:05 PM.

Download Raw Diff

Details

Reviewers

kcc
Dor1s
filcab
vsk
kubamracek

Group Reviewers

Restricted Project

Commits

rG1d0c7f563cec: [compiler-rt][UBSan] silence_unsigned_overflow: do *NOT* ignore *fatal*…
rCRT347415: [compiler-rt][UBSan] silence_unsigned_overflow: do *NOT* ignore *fatal*…
rL347415: [compiler-rt][UBSan] silence_unsigned_overflow: do *NOT* ignore *fatal*…

Summary

D48660 / rL335762 added a silence_unsigned_overflow env flag for oss-fuzz needs,
that allows to silence the reports from unsigned overflows.
It makes sense, it is there because -fsanitize=integer sanitizer is not enabled on oss-fuzz,
so this allows to still use it as an interestingness signal, without getting the actual reports.

However there is a slight problem here.
All types of unsigned overflows are ignored.
Even if -fno-sanitize-recover=unsigned was used (which means the program will die after the report)
there will still be no report, the program will just silently die.

At the moment there are just two projects on oss-fuzz that care:

libc++
RawSpeed (me)

I suppose this could be overridden there ^, but i really don't think this is intended behavior in any case..

Diff Detail

Repository: rL LLVM

Event Timeline

lebedev.ri created this revision.Nov 20 2018, 1:05 PM

Herald added a subscriber: dberris. · View Herald TranscriptNov 20 2018, 1:05 PM

Adjust the help text, too.

Nice! LGTM!

This revision is now accepted and ready to land.Nov 21 2018, 12:36 PM

Roman, I can land this CL for you next week, unless other reviewers have any complains :)

In D54771#1305646, @Dor1s wrote:

Nice! LGTM!

Thank you for the speedy review!

Closed by commit rL347415: [compiler-rt][UBSan] silence_unsigned_overflow: do *NOT* ignore *fatal*… (authored by lebedevri). · Explain WhyNov 21 2018, 12:38 PM

This revision was automatically updated to reflect the committed changes.

Herald added a subscriber: delcypher. · View Herald TranscriptNov 21 2018, 12:38 PM

Revision Contents

Path

Size

compiler-rt/

trunk/

lib/

ubsan/

ubsan_flags.inc

4 lines

ubsan_handlers.cc

4 lines

test/

ubsan/

TestCases/

Integer/

no-recover.cpp

4 lines

Diff 174967

compiler-rt/trunk/lib/ubsan/ubsan_flags.inc

	Show All 19 Lines
	UBSAN_FLAG(bool, halt_on_error, false,			UBSAN_FLAG(bool, halt_on_error, false,
	"Crash the program after printing the first error report")			"Crash the program after printing the first error report")
	UBSAN_FLAG(bool, print_stacktrace, false,			UBSAN_FLAG(bool, print_stacktrace, false,
	"Include full stacktrace into an error report")			"Include full stacktrace into an error report")
	UBSAN_FLAG(const char *, suppressions, "", "Suppressions file name.")			UBSAN_FLAG(const char *, suppressions, "", "Suppressions file name.")
	UBSAN_FLAG(bool, report_error_type, false,			UBSAN_FLAG(bool, report_error_type, false,
	"Print specific error type instead of 'undefined-behavior' in summary.")			"Print specific error type instead of 'undefined-behavior' in summary.")
	UBSAN_FLAG(bool, silence_unsigned_overflow, false,			UBSAN_FLAG(bool, silence_unsigned_overflow, false,
	"Do not print error reports for unsigned integer overflow. "			"Do not print non-fatal error reports for unsigned integer overflow. "
	"Used to provide fuzzing signal without blowing up logs.")			"Used to provide fuzzing signal without blowing up logs.")

compiler-rt/trunk/lib/ubsan/ubsan_handlers.cc

Show First 20 Lines • Show All 113 Lines • ▼ Show 20 Lines	static void handleIntegerOverflowImpl(OverflowData *Data, ValueHandle LHS,
SourceLocation Loc = Data->Loc.acquire();		SourceLocation Loc = Data->Loc.acquire();
bool IsSigned = Data->Type.isSignedIntegerTy();		bool IsSigned = Data->Type.isSignedIntegerTy();
ErrorType ET = IsSigned ? ErrorType::SignedIntegerOverflow		ErrorType ET = IsSigned ? ErrorType::SignedIntegerOverflow
: ErrorType::UnsignedIntegerOverflow;		: ErrorType::UnsignedIntegerOverflow;

if (ignoreReport(Loc, Opts, ET))		if (ignoreReport(Loc, Opts, ET))
return;		return;

if (!IsSigned && flags()->silence_unsigned_overflow)		// If this is an unsigned overflow in non-fatal mode, potentially ignore it.
		if (!IsSigned && !Opts.FromUnrecoverableHandler &&
		flags()->silence_unsigned_overflow)
return;		return;

ScopedReport R(Opts, Loc, ET);		ScopedReport R(Opts, Loc, ET);

Diag(Loc, DL_Error, ET, "%0 integer overflow: "		Diag(Loc, DL_Error, ET, "%0 integer overflow: "
"%1 %2 %3 cannot be represented in type %4")		"%1 %2 %3 cannot be represented in type %4")
<< (IsSigned ? "signed" : "unsigned") << Value(Data->Type, LHS)		<< (IsSigned ? "signed" : "unsigned") << Value(Data->Type, LHS)
<< Operator << RHS << Data->Type;		<< Operator << RHS << Data->Type;
▲ Show 20 Lines • Show All 673 Lines • Show Last 20 Lines

compiler-rt/trunk/test/ubsan/TestCases/Integer/no-recover.cpp

	// RUN: %clangxx -fsanitize=unsigned-integer-overflow %s -o %t && %run %t 2>&1 \| FileCheck %s --check-prefix=RECOVER			// RUN: %clangxx -fsanitize=unsigned-integer-overflow %s -o %t && %run %t 2>&1 \| FileCheck %s --check-prefix=RECOVER
	// RUN: %clangxx -fsanitize=unsigned-integer-overflow -fno-sanitize-recover=all -fsanitize-recover=unsigned-integer-overflow %s -o %t && %run %t 2>&1 \| FileCheck %s --check-prefix=RECOVER			// RUN: %clangxx -fsanitize=unsigned-integer-overflow -fno-sanitize-recover=all -fsanitize-recover=unsigned-integer-overflow %s -o %t && %run %t 2>&1 \| FileCheck %s --check-prefix=RECOVER
	// RUN: %env_ubsan_opts=silence_unsigned_overflow=1 %run %t 2>&1 \| FileCheck %s --check-prefix=SILENT-RECOVER --allow-empty			// RUN: %env_ubsan_opts=silence_unsigned_overflow=1 %run %t 2>&1 \| FileCheck %s --check-prefix=SILENT-RECOVER --allow-empty
	// RUN: %clangxx -fsanitize=unsigned-integer-overflow -fno-sanitize-recover=unsigned-integer-overflow %s -o %t && not %run %t 2>&1 \| FileCheck %s --check-prefix=ABORT			// RUN: %clangxx -fsanitize=unsigned-integer-overflow -fno-sanitize-recover=unsigned-integer-overflow %s -o %t
				// RUN: not %run %t 2>&1 \| FileCheck %s --check-prefix=ABORT
				// RUN: %env_ubsan_opts=silence_unsigned_overflow=1 not %run %t 2>&1 \| FileCheck %s --check-prefix=ABORT

	#include <stdint.h>			#include <stdint.h>

	int main() {			int main() {
	// These promote to 'int'.			// These promote to 'int'.
	(void)(uint8_t(0xff) + uint8_t(0xff));			(void)(uint8_t(0xff) + uint8_t(0xff));
	(void)(uint16_t(0xf0fff) + uint16_t(0x0fff));			(void)(uint16_t(0xf0fff) + uint16_t(0x0fff));
	// RECOVER-NOT: runtime error			// RECOVER-NOT: runtime error
	Show All 12 Lines

This is an archive of the discontinued LLVM Phabricator instance.

[compiler-rt][UBSan] silence_unsigned_overflow: do *NOT* ignore *fatal* unsigned overflowsClosedPublic

Details

Diff Detail

Event Timeline

Revision Contents

Diff 174967

compiler-rt/trunk/lib/ubsan/ubsan_flags.inc

compiler-rt/trunk/lib/ubsan/ubsan_handlers.cc

compiler-rt/trunk/test/ubsan/TestCases/Integer/no-recover.cpp

[compiler-rt][UBSan] silence_unsigned_overflow: do NOT ignore fatal unsigned overflows
ClosedPublic