This is an archive of the discontinued LLVM Phabricator instance.

Differential D86000

Add an unsigned shift base sanitizer
ClosedPublic

Authored by jfb on Aug 14 2020, 2:51 PM.

Details

Reviewers
vsk
lebedev.ri
Commits
rG82d29b397bb2: Add an unsigned shift base sanitizer
Summary

It's not undefined behavior for an unsigned left shift to overflow (i.e. to
shift bits out), but it has been the source of bugs and exploits in certain
codebases in the past. As we do in other parts of UBSan, this patch adds a
dynamic checker which acts beyond UBSan and checks other sources of errors. The
option is enabled as part of -fsanitize=integer.

The flag is named: -fsanitize=unsigned-shift-base
This matches shift-base and shift-exponent flags.

rdar://problem/46129047

Diff Detail

Unit TestsFailed

TimeTest
330 mslinux > UBSan-AddressSanitizer-lld-x86_64.TestCases/Integer::unsigned-shift.cpp
630 mslinux > UBSan-AddressSanitizer-x86_64.TestCases/Integer::unsigned-shift.cpp
270 mslinux > UBSan-MemorySanitizer-lld-x86_64.TestCases/Integer::unsigned-shift.cpp
510 mslinux > UBSan-MemorySanitizer-x86_64.TestCases/Integer::unsigned-shift.cpp
230 mslinux > UBSan-Standalone-lld-x86_64.TestCases/Integer::unsigned-shift.cpp
View Full Test Results (8 Failed)

Event Timeline

jfb created this revision.Aug 14 2020, 2:51 PM
Herald added projects: Restricted Project, Restricted Project. ยท View Herald TranscriptAug 14 2020, 2:51 PM
Herald added subscribers: Restricted Project, cfe-commits, ributzka and 2 others. ยท View Herald Transcript
jfb requested review of this revision.Aug 14 2020, 2:51 PM
jfb added a subscriber: dcoughlin.Aug 14 2020, 2:53 PM
xbolva00 added a subscriber: xbolva00.Aug 14 2020, 2:56 PM
Harbormaster completed remote builds in B68480: Diff 285767.Aug 14 2020, 3:35 PM
vsk added a comment.Aug 14 2020, 3:42 PM

It'd be nice to fold the new check into an existing sanitizer group to bring this to a wider audience. Do you foresee adoption issues for existing -fsanitize=integer adopters? Fwiw some recently-added implicit conversion checks were folded in without much/any pushback.

clang/test/Driver/fsanitize.c
911

Not sure I follow this one. Why is 'NORECOVER' not expecting to see "-fno-sanitize-recover=unsigned-shift-base"?

jfb added a comment.Aug 14 2020, 4:05 PM
In D86000#2219288, @vsk wrote:

It'd be nice to fold the new check into an existing sanitizer group to bring this to a wider audience. Do you foresee adoption issues for existing -fsanitize=integer adopters? Fwiw some recently-added implicit conversion checks were folded in without much/any pushback.

integer does "not actually UB checks", right? I can certainly put it in there if you think I won't get yelled at ๐Ÿ˜„

clang/test/Driver/fsanitize.c
911

I have no idea! Other parts of this file do this:

// CHECK-implicit-conversion-NORECOVER-NOT: "-fno-sanitize-recover={{((implicit-unsigned-integer-truncation|implicit-signed-integer-truncation|implicit-integer-sign-change),?){3}"}} // ???
// CHECK-implicit-integer-arithmetic-value-change-NORECOVER-NOT: "-fno-sanitize-recover={{((implicit-signed-integer-truncation|implicit-integer-sign-change),?){2}"}} // ???
// CHECK-implicit-integer-truncation-NORECOVER-NOT: "-fno-sanitize-recover={{((implicit-unsigned-integer-truncation|implicit-signed-integer-truncation),?){2}"}} // ???

I was hoping someone who's touched this before would know.

compiler-rt/test/ubsan/TestCases/Integer/unsigned-shift.cpp
3

I don't understand this test... when I run it with lit it fails (and it seems like the bots agree), but manually it works. Am I doing it wrong?

xbolva00 added a reviewer: lebedev.ri.Aug 14 2020, 4:26 PM
vsk added inline comments.Aug 14 2020, 4:35 PM
clang/test/Driver/fsanitize.c
911

The CHECK-implicit-conversion-NORECOVER-NOT regex looks fishy. There's more parens in there than I'd expect: perhaps that explains why the test passes?

Just above your change, I see something that's closer to what I expect:

// RUN: %clang -fsanitize=float-divide-by-zero %s -fno-sanitize-recover=float-divide-by-zero -### 2>&1 | FileCheck %s --check-prefixes=CHECK-DIVBYZERO,CHECK-DIVBYZERO-NORECOVER
...
// CHECK-DIVBYZERO-NORECOVER-NOT: "-fsanitize-recover=float-divide-by-zero"
compiler-rt/test/ubsan/TestCases/Integer/unsigned-shift.cpp
3

Do you need to explicitly return 1 or something to get a non-zero exit code?

7

Does the test not work without the volatiles?

vsk added a comment.Aug 14 2020, 4:36 PM
In D86000#2219322, @jfb wrote:
In D86000#2219288, @vsk wrote:

It'd be nice to fold the new check into an existing sanitizer group to bring this to a wider audience. Do you foresee adoption issues for existing -fsanitize=integer adopters? Fwiw some recently-added implicit conversion checks were folded in without much/any pushback.

integer does "not actually UB checks", right? I can certainly put it in there if you think I won't get yelled at ๐Ÿ˜„

Can't guarantee you won't get yelled at, but it does seem like the natural fit. It already includes other unsigned overflow checks.

eugenis added a subscriber: eugenis.Aug 14 2020, 4:36 PM
In D86000#2219322, @jfb wrote:
In D86000#2219288, @vsk wrote:

It'd be nice to fold the new check into an existing sanitizer group to bring this to a wider audience. Do you foresee adoption issues for existing -fsanitize=integer adopters? Fwiw some recently-added implicit conversion checks were folded in without much/any pushback.

integer does "not actually UB checks", right? I can certainly put it in there if you think I won't get yelled at ๐Ÿ˜„

I'd support this.
"integer" includes unsigned-integer-overflow, it's only recommended to the truly fearless developers :)

clang/test/Driver/fsanitize.c
911

I think that + the following line mean that the frontend depends on the default behavior (neither recover nor no-recover).

lebedev.ri added a comment.EditedAug 14 2020, 11:27 PM

What's next, a sanitizer that input to signed right-shift is always non-negative? :)

FWIW "fixing" these "bugs" via (x & ~(~1U << (32-shamt))) << shamt is going to be fine,
i've already taught instcombine to drop such pointless masking before left-shift
in PR42563: https://godbolt.org/z/5rar14

jfb updated this revision to Diff 288132.Aug 26 2020, 4:39 PM

As Vedant suggested, make it part of 'integer' sanitizer.

Harbormaster completed remote builds in B69690: Diff 288132.Aug 26 2020, 4:40 PM
jfb updated this revision to Diff 288133.Aug 26 2020, 4:40 PM

Re-upload with full context.

jfb edited the summary of this revision. (Show Details)Aug 26 2020, 4:41 PM
Harbormaster completed remote builds in B69691: Diff 288133.Aug 26 2020, 5:31 PM
dtzWill added a subscriber: dtzWill.Aug 26 2020, 10:56 PM
lebedev.ri added a comment.Aug 26 2020, 11:35 PM

Release notes missing.
I think the canonical way to silence it (via masking?) should be at least mentioned.

clang/lib/CodeGen/CGExprScalar.cpp
3872โ€“3884

Why is this so complicated? Shouldn't this just be: https://alive2.llvm.org/ce/z/scTqfX

$ /repositories/alive2/build-Clang-release/alive-tv /tmp/test.ll --smt-to=100000 --disable-undef-input

----------------------------------------
@2 = global 32 bytes, align 16

define i32 @src(i32 %arg, i32 %arg1) {
%bb:
  %i = icmp ugt i32 %arg1, 31
  %i2 = sub nsw nuw i32 31, %arg1    ; NOPE
  %i3 = lshr i32 %arg, %i2           ; NOPE
  %i4 = icmp ult i32 %i3, 2          ; NOPE
  %i5 = or i1 %i, %i4
  br i1 %i5, label %bb9, label %bb6

%bb6:
  %i7 = zext i32 %arg to i64
  %i8 = zext i32 %arg1 to i64
  %__constexpr_0 = bitcast * @2 to *
  call void @__ubsan_handle_shift_out_of_bounds(* %__constexpr_0, i64 %i7, i64 %i8)
  br label %bb9

%bb9:
  %i10 = shl i32 %arg, %arg1
  ret i32 %i10
}
=>
@2 = global 32 bytes, align 16

define i32 @tgt(i32 %arg, i32 %arg1) {
%bb:
  %i = icmp ugt i32 %arg1, 31
  %iZZ0 = shl i32 %arg, %arg1        ; HI!
  %iZZ1 = lshr i32 %iZZ0, %arg1      ; OVER HERE
  %i4 = icmp eq i32 %arg, %iZZ1      ; LOOK!
  %i5 = or i1 %i, %i4
  br i1 %i5, label %bb9, label %bb6

%bb6:
  %i7 = zext i32 %arg to i64
  %i8 = zext i32 %arg1 to i64
  %__constexpr_0 = bitcast * @2 to *
  call void @__ubsan_handle_shift_out_of_bounds(* %__constexpr_0, i64 %i7, i64 %i8)
  br label %bb9

%bb9:
  ret i32 %iZZ0
}
Transformation seems to be correct!

which will then be migrated to use @llvm.ushl.with.overflow once it's there.

jfb updated this revision to Diff 288383.Aug 27 2020, 10:19 AM
jfb marked 6 inline comments as done.

Address comments

Herald added a project: Restricted Project. ยท View Herald TranscriptAug 27 2020, 10:19 AM
Herald added a subscriber: llvm-commits. ยท View Herald Transcript
jfb added inline comments.Aug 27 2020, 10:20 AM
clang/lib/CodeGen/CGExprScalar.cpp
3872โ€“3884

Sure, but that's pre-existing and I'd rather not change it in this patch.

compiler-rt/test/ubsan/TestCases/Integer/unsigned-shift.cpp
3

That should be implicit, but I added it regardless to make sure. It's happy now ๐Ÿคทโ€โ™‚๏ธ

7

It seems that LLVM sees too much without volatile, yes.

lebedev.ri added inline comments.Aug 27 2020, 10:22 AM
llvm/docs/ReleaseNotes.rst
153 โ†—(On Diff #288383)

Surely not ~1U.

jfb updated this revision to Diff 288388.Aug 27 2020, 10:37 AM
jfb marked an inline comment as done.

Fix notes.

llvm/docs/ReleaseNotes.rst
153 โ†—(On Diff #288383)

Indeed, fixed.

vsk added inline comments.Aug 27 2020, 10:41 AM
compiler-rt/test/ubsan/TestCases/Integer/unsigned-shift.cpp
7

The optimizer isn't running. Perhaps this is necessary because clang's constant folder kicks in?

llvm/docs/ReleaseNotes.rst
151 โ†—(On Diff #288383)

This could use some more explanation, maybe s/with masking/by clearing bits that would be shifted out/?

153 โ†—(On Diff #288383)

I don't think this pattern works when rhs = 0 (https://godbolt.org/z/rvEGqh).

lebedev.ri added inline comments.Aug 27 2020, 10:44 AM
llvm/docs/ReleaseNotes.rst
153 โ†—(On Diff #288383)

Surely not 1U either :)

Harbormaster completed remote builds in B69812: Diff 288383.Aug 27 2020, 12:17 PM
Harbormaster completed remote builds in B69816: Diff 288388.Aug 27 2020, 1:22 PM
jfb updated this revision to Diff 288444.Aug 27 2020, 1:32 PM
jfb marked 4 inline comments as done.

Remove the "suppress this" in release notes.

compiler-rt/test/ubsan/TestCases/Integer/unsigned-shift.cpp
7

Probably, I haven't investigate. It's brittle is the main thing, and this forces it to not be.

llvm/docs/ReleaseNotes.rst
151 โ†—(On Diff #288383)

I just dropped it, I don't think release notes are the right place for this anyways.

153 โ†—(On Diff #288383)

Right, I don't think it's something we want to explain here.

vsk accepted this revision.Aug 27 2020, 1:36 PM

Lgtm, thanks.

This revision is now accepted and ready to land.Aug 27 2020, 1:36 PM
Harbormaster completed remote builds in B69834: Diff 288444.Aug 27 2020, 3:05 PM
Closed by commit rG82d29b397bb2: Add an unsigned shift base sanitizer (authored by jfb). ยท Explain WhyAug 27 2020, 8:06 PM
This revision was automatically updated to reflect the committed changes.
jfb added a commit: rG82d29b397bb2: Add an unsigned shift base sanitizer.
aqjune mentioned this in D87994: [LangRef] Clarify the behavior of memory access instructions when pointers/sizes aren't well-defined.Sep 25 2020, 4:26 PM
pcc mentioned this in D89766: Driver: Add integer sanitizers to trapping group automatically..Oct 19 2020, 11:23 PM
pcc mentioned this in rGc5acd3490b79: Driver: Add integer sanitizers to trapping group automatically..Oct 20 2020, 1:46 PM

Revision Contents

PathSize
clang/
docs/
2 lines
include/
clang/
Basic/
4 lines
lib/
CodeGen/
19 lines
Driver/
16 lines
test/
CodeGen/
28 lines
Driver/
2 lines
compiler-rt/
test/
ubsan/
TestCases/
Integer/
52 lines

Diff 288133

clang/docs/UndefinedBehaviorSanitizer.rst

Show First 20 Lines โ€ข Show All 147 Lines โ€ข โ–ผ Show 20 Lines - ``-fsanitize=returns-nonnull-attribute``: Returning null pointer
from a function which is declared to never return null. from a function which is declared to never return null.
- ``-fsanitize=shift``: Shift operators where the amount shifted is - ``-fsanitize=shift``: Shift operators where the amount shifted is
greater or equal to the promoted bit-width of the left hand side greater or equal to the promoted bit-width of the left hand side
or less than zero, or where the left hand side is negative. For a or less than zero, or where the left hand side is negative. For a
signed left shift, also checks for signed overflow in C, and for signed left shift, also checks for signed overflow in C, and for
unsigned overflow in C++. You can use ``-fsanitize=shift-base`` or unsigned overflow in C++. You can use ``-fsanitize=shift-base`` or
``-fsanitize=shift-exponent`` to check only left-hand side or ``-fsanitize=shift-exponent`` to check only left-hand side or
right-hand side of shift operation, respectively. right-hand side of shift operation, respectively.
- ``-fsanitize=unsigned-shift-base``: check that an unsigned left-hand side of
a left shift operation doesn't overflow.
- ``-fsanitize=signed-integer-overflow``: Signed integer overflow, where the - ``-fsanitize=signed-integer-overflow``: Signed integer overflow, where the
result of a signed integer computation cannot be represented in its type. result of a signed integer computation cannot be represented in its type.
This includes all the checks covered by ``-ftrapv``, as well as checks for This includes all the checks covered by ``-ftrapv``, as well as checks for
signed division overflow (``INT_MIN/-1``), but not checks for signed division overflow (``INT_MIN/-1``), but not checks for
lossy implicit conversions performed before the computation lossy implicit conversions performed before the computation
(see ``-fsanitize=implicit-conversion``). Both of these two issues are (see ``-fsanitize=implicit-conversion``). Both of these two issues are
handled by ``-fsanitize=implicit-conversion`` group of checks. handled by ``-fsanitize=implicit-conversion`` group of checks.
- ``-fsanitize=unreachable``: If control flow reaches an unreachable - ``-fsanitize=unreachable``: If control flow reaches an unreachable
โ–ฒ Show 20 Lines โ€ข Show All 200 Lines โ€ข Show Last 20 Lines

clang/include/clang/Basic/Sanitizers.def

Show First 20 Lines โ€ข Show All 101 Lines โ€ข โ–ผ Show 20 Lines
SANITIZER_GROUP("shift", Shift, ShiftBase | ShiftExponent) SANITIZER_GROUP("shift", Shift, ShiftBase | ShiftExponent)
SANITIZER("signed-integer-overflow", SignedIntegerOverflow) SANITIZER("signed-integer-overflow", SignedIntegerOverflow)
SANITIZER("unreachable", Unreachable) SANITIZER("unreachable", Unreachable)
SANITIZER("vla-bound", VLABound) SANITIZER("vla-bound", VLABound)
SANITIZER("vptr", Vptr) SANITIZER("vptr", Vptr)
// IntegerSanitizer // IntegerSanitizer
SANITIZER("unsigned-integer-overflow", UnsignedIntegerOverflow) SANITIZER("unsigned-integer-overflow", UnsignedIntegerOverflow)
SANITIZER("unsigned-shift-base", UnsignedShiftBase)
// DataFlowSanitizer // DataFlowSanitizer
SANITIZER("dataflow", DataFlow) SANITIZER("dataflow", DataFlow)
// Control Flow Integrity // Control Flow Integrity
SANITIZER("cfi-cast-strict", CFICastStrict) SANITIZER("cfi-cast-strict", CFICastStrict)
SANITIZER("cfi-derived-cast", CFIDerivedCast) SANITIZER("cfi-derived-cast", CFIDerivedCast)
SANITIZER("cfi-icall", CFIICall) SANITIZER("cfi-icall", CFIICall)
โ–ฒ Show 20 Lines โ€ข Show All 48 Lines โ€ข โ–ผ Show 20 Lines
// ImplicitIntegerConversion) // ImplicitIntegerConversion)
SANITIZER_GROUP("implicit-conversion", ImplicitConversion, SANITIZER_GROUP("implicit-conversion", ImplicitConversion,
ImplicitIntegerArithmeticValueChange | ImplicitIntegerArithmeticValueChange |
ImplicitUnsignedIntegerTruncation) ImplicitUnsignedIntegerTruncation)
SANITIZER_GROUP("integer", Integer, SANITIZER_GROUP("integer", Integer,
ImplicitConversion | IntegerDivideByZero | Shift | ImplicitConversion | IntegerDivideByZero | Shift |
SignedIntegerOverflow | UnsignedIntegerOverflow) SignedIntegerOverflow | UnsignedIntegerOverflow |
UnsignedShiftBase)
SANITIZER("local-bounds", LocalBounds) SANITIZER("local-bounds", LocalBounds)
SANITIZER_GROUP("bounds", Bounds, ArrayBounds | LocalBounds) SANITIZER_GROUP("bounds", Bounds, ArrayBounds | LocalBounds)
// Scudo hardened allocator // Scudo hardened allocator
SANITIZER("scudo", Scudo) SANITIZER("scudo", Scudo)
// Magic group, containing all sanitizers. For example, "-fno-sanitize=all" // Magic group, containing all sanitizers. For example, "-fno-sanitize=all"
// can be used to disable all the sanitizers. // can be used to disable all the sanitizers.
SANITIZER_GROUP("all", All, ~SanitizerMask()) SANITIZER_GROUP("all", All, ~SanitizerMask())
#undef SANITIZER #undef SANITIZER
#undef SANITIZER_GROUP #undef SANITIZER_GROUP

clang/lib/CodeGen/CGExprScalar.cpp

Show First 20 Lines โ€ข Show All 3,827 Lines โ€ข โ–ผ Show 20 Lines
Value *ScalarExprEmitter::EmitShl(const BinOpInfo &Ops) { Value *ScalarExprEmitter::EmitShl(const BinOpInfo &Ops) {
// LLVM requires the LHS and RHS to be the same type: promote or truncate the // LLVM requires the LHS and RHS to be the same type: promote or truncate the
// RHS to the same size as the LHS. // RHS to the same size as the LHS.
Value *RHS = Ops.RHS; Value *RHS = Ops.RHS;
if (Ops.LHS->getType() != RHS->getType()) if (Ops.LHS->getType() != RHS->getType())
RHS = Builder.CreateIntCast(RHS, Ops.LHS->getType(), false, "sh_prom"); RHS = Builder.CreateIntCast(RHS, Ops.LHS->getType(), false, "sh_prom");
bool SanitizeBase = CGF.SanOpts.has(SanitizerKind::ShiftBase) && bool SanitizeSignedBase = CGF.SanOpts.has(SanitizerKind::ShiftBase) &&
Ops.Ty->hasSignedIntegerRepresentation() && Ops.Ty->hasSignedIntegerRepresentation() &&
!CGF.getLangOpts().isSignedOverflowDefined() && !CGF.getLangOpts().isSignedOverflowDefined() &&
!CGF.getLangOpts().CPlusPlus20; !CGF.getLangOpts().CPlusPlus20;
bool SanitizeUnsignedBase =
CGF.SanOpts.has(SanitizerKind::UnsignedShiftBase) &&
Ops.Ty->hasUnsignedIntegerRepresentation();
bool SanitizeBase = SanitizeSignedBase || SanitizeUnsignedBase;
bool SanitizeExponent = CGF.SanOpts.has(SanitizerKind::ShiftExponent); bool SanitizeExponent = CGF.SanOpts.has(SanitizerKind::ShiftExponent);
// OpenCL 6.3j: shift values are effectively % word size of LHS. // OpenCL 6.3j: shift values are effectively % word size of LHS.
if (CGF.getLangOpts().OpenCL) if (CGF.getLangOpts().OpenCL)
RHS = ConstrainShiftValue(Ops.LHS, RHS, "shl.mask"); RHS = ConstrainShiftValue(Ops.LHS, RHS, "shl.mask");
else if ((SanitizeBase || SanitizeExponent) && else if ((SanitizeBase || SanitizeExponent) &&
isa<llvm::IntegerType>(Ops.LHS->getType())) { isa<llvm::IntegerType>(Ops.LHS->getType())) {
CodeGenFunction::SanitizerScope SanScope(&CGF); CodeGenFunction::SanitizerScope SanScope(&CGF);
SmallVector<std::pair<Value *, SanitizerMask>, 2> Checks; SmallVector<std::pair<Value *, SanitizerMask>, 2> Checks;
Show All 12 Lines if (SanitizeBase) {
llvm::BasicBlock *Orig = Builder.GetInsertBlock(); llvm::BasicBlock *Orig = Builder.GetInsertBlock();
llvm::BasicBlock *Cont = CGF.createBasicBlock("cont"); llvm::BasicBlock *Cont = CGF.createBasicBlock("cont");
llvm::BasicBlock *CheckShiftBase = CGF.createBasicBlock("check"); llvm::BasicBlock *CheckShiftBase = CGF.createBasicBlock("check");
Builder.CreateCondBr(ValidExponent, CheckShiftBase, Cont); Builder.CreateCondBr(ValidExponent, CheckShiftBase, Cont);
llvm::Value *PromotedWidthMinusOne = llvm::Value *PromotedWidthMinusOne =
(RHS == Ops.RHS) ? WidthMinusOne (RHS == Ops.RHS) ? WidthMinusOne
: GetWidthMinusOneValue(Ops.LHS, RHS); : GetWidthMinusOneValue(Ops.LHS, RHS);
CGF.EmitBlock(CheckShiftBase); CGF.EmitBlock(CheckShiftBase);
llvm::Value *BitsShiftedOff = Builder.CreateLShr( llvm::Value *BitsShiftedOff = Builder.CreateLShr(
Ops.LHS, Builder.CreateSub(PromotedWidthMinusOne, RHS, "shl.zeros", Ops.LHS, Builder.CreateSub(PromotedWidthMinusOne, RHS, "shl.zeros",
/*NUW*/ true, /*NSW*/ true), /*NUW*/ true, /*NSW*/ true),
"shl.check"); "shl.check");
if (CGF.getLangOpts().CPlusPlus) { if (SanitizeUnsignedBase || CGF.getLangOpts().CPlusPlus) {
// In C99, we are not permitted to shift a 1 bit into the sign bit. // In C99, we are not permitted to shift a 1 bit into the sign bit.
// Under C++11's rules, shifting a 1 bit into the sign bit is // Under C++11's rules, shifting a 1 bit into the sign bit is
// OK, but shifting a 1 bit out of it is not. (C89 and C++03 don't // OK, but shifting a 1 bit out of it is not. (C89 and C++03 don't
// define signed left shifts, so we use the C99 and C++11 rules there). // define signed left shifts, so we use the C99 and C++11 rules there).
// Unsigned shifts can always shift into the top bit.
llvm::Value *One = llvm::ConstantInt::get(BitsShiftedOff->getType(), 1); llvm::Value *One = llvm::ConstantInt::get(BitsShiftedOff->getType(), 1);
BitsShiftedOff = Builder.CreateLShr(BitsShiftedOff, One); BitsShiftedOff = Builder.CreateLShr(BitsShiftedOff, One);
} }
lebedev.riUnsubmitted
Done
ReplyInline Actions

Why is this so complicated? Shouldn't this just be: https://alive2.llvm.org/ce/z/scTqfX

$ /repositories/alive2/build-Clang-release/alive-tv /tmp/test.ll --smt-to=100000 --disable-undef-input

----------------------------------------
@2 = global 32 bytes, align 16

define i32 @src(i32 %arg, i32 %arg1) {
%bb:
  %i = icmp ugt i32 %arg1, 31
  %i2 = sub nsw nuw i32 31, %arg1    ; NOPE
  %i3 = lshr i32 %arg, %i2           ; NOPE
  %i4 = icmp ult i32 %i3, 2          ; NOPE
  %i5 = or i1 %i, %i4
  br i1 %i5, label %bb9, label %bb6

%bb6:
  %i7 = zext i32 %arg to i64
  %i8 = zext i32 %arg1 to i64
  %__constexpr_0 = bitcast * @2 to *
  call void @__ubsan_handle_shift_out_of_bounds(* %__constexpr_0, i64 %i7, i64 %i8)
  br label %bb9

%bb9:
  %i10 = shl i32 %arg, %arg1
  ret i32 %i10
}
=>
@2 = global 32 bytes, align 16

define i32 @tgt(i32 %arg, i32 %arg1) {
%bb:
  %i = icmp ugt i32 %arg1, 31
  %iZZ0 = shl i32 %arg, %arg1        ; HI!
  %iZZ1 = lshr i32 %iZZ0, %arg1      ; OVER HERE
  %i4 = icmp eq i32 %arg, %iZZ1      ; LOOK!
  %i5 = or i1 %i, %i4
  br i1 %i5, label %bb9, label %bb6

%bb6:
  %i7 = zext i32 %arg to i64
  %i8 = zext i32 %arg1 to i64
  %__constexpr_0 = bitcast * @2 to *
  call void @__ubsan_handle_shift_out_of_bounds(* %__constexpr_0, i64 %i7, i64 %i8)
  br label %bb9

%bb9:
  ret i32 %iZZ0
}
Transformation seems to be correct!

which will then be migrated to use @llvm.ushl.with.overflow once it's there.

lebedev.ri: Why is this so complicated? Shouldn't this just be: https://alive2.llvm.org/ce/z/scTqfX ``` $โ€ฆ
jfbAuthorUnsubmitted
Done
ReplyInline Actions

Sure, but that's pre-existing and I'd rather not change it in this patch.

jfb: Sure, but that's pre-existing and I'd rather not change it in this patch.
llvm::Value *Zero = llvm::ConstantInt::get(BitsShiftedOff->getType(), 0); llvm::Value *Zero = llvm::ConstantInt::get(BitsShiftedOff->getType(), 0);
llvm::Value *ValidBase = Builder.CreateICmpEQ(BitsShiftedOff, Zero); llvm::Value *ValidBase = Builder.CreateICmpEQ(BitsShiftedOff, Zero);
CGF.EmitBlock(Cont); CGF.EmitBlock(Cont);
llvm::PHINode *BaseCheck = Builder.CreatePHI(ValidBase->getType(), 2); llvm::PHINode *BaseCheck = Builder.CreatePHI(ValidBase->getType(), 2);
BaseCheck->addIncoming(Builder.getTrue(), Orig); BaseCheck->addIncoming(Builder.getTrue(), Orig);
BaseCheck->addIncoming(ValidBase, CheckShiftBase); BaseCheck->addIncoming(ValidBase, CheckShiftBase);
Checks.push_back(std::make_pair(BaseCheck, SanitizerKind::ShiftBase)); Checks.push_back(std::make_pair(
BaseCheck, SanitizeSignedBase ? SanitizerKind::ShiftBase
: SanitizerKind::UnsignedShiftBase));
} }
assert(!Checks.empty()); assert(!Checks.empty());
EmitBinOpCheck(Checks, Ops); EmitBinOpCheck(Checks, Ops);
} }
return Builder.CreateShl(Ops.LHS, RHS, "shl"); return Builder.CreateShl(Ops.LHS, RHS, "shl");
} }
โ–ฒ Show 20 Lines โ€ข Show All 1,128 Lines โ€ข Show Last 20 Lines

clang/lib/Driver/ToolChain.cpp

Show First 20 Lines โ€ข Show All 1,010 Lines โ€ข โ–ผ Show 20 Linesbool ToolChain::addFastMathRuntimeIfAvailable(const ArgList &Args,
return false; return false;
} }
SanitizerMask ToolChain::getSupportedSanitizers() const { SanitizerMask ToolChain::getSupportedSanitizers() const {
// Return sanitizers which don't require runtime support and are not // Return sanitizers which don't require runtime support and are not
// platform dependent. // platform dependent.
SanitizerMask Res = (SanitizerKind::Undefined & ~SanitizerKind::Vptr & SanitizerMask Res =
(SanitizerKind::Undefined & ~SanitizerKind::Vptr &
~SanitizerKind::Function) | ~SanitizerKind::Function) |
(SanitizerKind::CFI & ~SanitizerKind::CFIICall) | (SanitizerKind::CFI & ~SanitizerKind::CFIICall) |
SanitizerKind::CFICastStrict | SanitizerKind::CFICastStrict | SanitizerKind::FloatDivideByZero |
SanitizerKind::FloatDivideByZero |
SanitizerKind::UnsignedIntegerOverflow | SanitizerKind::UnsignedIntegerOverflow |
SanitizerKind::ImplicitConversion | SanitizerKind::UnsignedShiftBase | SanitizerKind::ImplicitConversion |
SanitizerKind::Nullability | SanitizerKind::LocalBounds; SanitizerKind::Nullability | SanitizerKind::LocalBounds;
if (getTriple().getArch() == llvm::Triple::x86 || if (getTriple().getArch() == llvm::Triple::x86 ||
getTriple().getArch() == llvm::Triple::x86_64 || getTriple().getArch() == llvm::Triple::x86_64 ||
getTriple().getArch() == llvm::Triple::arm || getTriple().isWasm() || getTriple().getArch() == llvm::Triple::arm || getTriple().isWasm() ||
getTriple().isAArch64()) getTriple().isAArch64())
Res |= SanitizerKind::CFIICall; Res |= SanitizerKind::CFIICall;
if (getTriple().getArch() == llvm::Triple::x86_64 || getTriple().isAArch64()) if (getTriple().getArch() == llvm::Triple::x86_64 || getTriple().isAArch64())
Res |= SanitizerKind::ShadowCallStack; Res |= SanitizerKind::ShadowCallStack;
if (getTriple().isAArch64()) if (getTriple().isAArch64())
โ–ฒ Show 20 Lines โ€ข Show All 216 Lines โ€ข Show Last 20 Lines

clang/test/CodeGen/unsigned-shift-base.c

  • This file was added.
// RUN: %clang_cc1 -triple x86_64-apple-darwin10 -fsanitize=unsigned-shift-base,shift-exponent %s -emit-llvm -o - | FileCheck %s
// CHECK-LABEL: lsh_overflow(
unsigned lsh_overflow(unsigned a, unsigned b) {
// CHECK: %[[RHS_INBOUNDS:.*]] = icmp ule i32 %[[RHS:.*]], 31
// CHECK-NEXT: br i1 %[[RHS_INBOUNDS]], label %[[CHECK_BB:.*]], label %[[CONT_BB:.*]],
// CHECK: [[CHECK_BB]]:
// CHECK-NEXT: %[[SHIFTED_OUT_WIDTH:.*]] = sub nuw nsw i32 31, %[[RHS]]
// CHECK-NEXT: %[[SHIFTED_OUT:.*]] = lshr i32 %[[LHS:.*]], %[[SHIFTED_OUT_WIDTH]]
// CHECK-NEXT: %[[SHIFTED_OUT_NOT_SIGN:.*]] = lshr i32 %[[SHIFTED_OUT]], 1
// CHECK-NEXT: %[[NO_OVERFLOW:.*]] = icmp eq i32 %[[SHIFTED_OUT_NOT_SIGN]], 0
// CHECK-NEXT: br label %[[CONT_BB]]
// CHECK: [[CONT_BB]]:
// CHECK-NEXT: %[[VALID_BASE:.*]] = phi i1 [ true, {{.*}} ], [ %[[NO_OVERFLOW]], %[[CHECK_BB]] ]
// CHECK-NEXT: %[[VALID:.*]] = and i1 %[[RHS_INBOUNDS]], %[[VALID_BASE]]
// CHECK-NEXT: br i1 %[[VALID]]
// CHECK: call void @__ubsan_handle_shift_out_of_bounds
// CHECK-NOT: call void @__ubsan_handle_shift_out_of_bounds
// CHECK: %[[RET:.*]] = shl i32 %[[LHS]], %[[RHS]]
// CHECK-NEXT: ret i32 %[[RET]]
return a << b;
}

clang/test/Driver/fsanitize.c

Show All 26 Lines
// CHECK-UNDEFINED-WIN-SAME: "-fsanitize={{((signed-integer-overflow|integer-divide-by-zero|shift-base|shift-exponent|unreachable|return|vla-bound|alignment|null|pointer-overflow|float-cast-overflow|array-bounds|enum|bool|builtin|returns-nonnull-attribute|nonnull-attribute),?){17}"}} // CHECK-UNDEFINED-WIN-SAME: "-fsanitize={{((signed-integer-overflow|integer-divide-by-zero|shift-base|shift-exponent|unreachable|return|vla-bound|alignment|null|pointer-overflow|float-cast-overflow|array-bounds|enum|bool|builtin|returns-nonnull-attribute|nonnull-attribute),?){17}"}}
// RUN: %clang -target i386-pc-win32 -fsanitize-coverage=bb %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-COVERAGE-WIN32 // RUN: %clang -target i386-pc-win32 -fsanitize-coverage=bb %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-COVERAGE-WIN32
// CHECK-COVERAGE-WIN32: "--dependent-lib={{[^"]*}}ubsan_standalone-i386.lib" // CHECK-COVERAGE-WIN32: "--dependent-lib={{[^"]*}}ubsan_standalone-i386.lib"
// RUN: %clang -target x86_64-pc-win32 -fsanitize-coverage=bb %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-COVERAGE-WIN64 // RUN: %clang -target x86_64-pc-win32 -fsanitize-coverage=bb %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-COVERAGE-WIN64
// CHECK-COVERAGE-WIN64: "--dependent-lib={{[^"]*}}ubsan_standalone-x86_64.lib" // CHECK-COVERAGE-WIN64: "--dependent-lib={{[^"]*}}ubsan_standalone-x86_64.lib"
// RUN: %clang -target %itanium_abi_triple -fsanitize=integer %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-INTEGER -implicit-check-not="-fsanitize-address-use-after-scope" // RUN: %clang -target %itanium_abi_triple -fsanitize=integer %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-INTEGER -implicit-check-not="-fsanitize-address-use-after-scope"
// CHECK-INTEGER: "-fsanitize={{((signed-integer-overflow|unsigned-integer-overflow|integer-divide-by-zero|shift-base|shift-exponent|implicit-unsigned-integer-truncation|implicit-signed-integer-truncation|implicit-integer-sign-change),?){8}"}} // CHECK-INTEGER: "-fsanitize={{((signed-integer-overflow|unsigned-integer-overflow|integer-divide-by-zero|shift-base|shift-exponent|implicit-unsigned-integer-truncation|implicit-signed-integer-truncation|implicit-integer-sign-change|unsigned-shift-base),?){9}"}}
// RUN: %clang -fsanitize=implicit-conversion %s -### 2>&1 | FileCheck %s --check-prefixes=CHECK-implicit-conversion,CHECK-implicit-conversion-RECOVER // RUN: %clang -fsanitize=implicit-conversion %s -### 2>&1 | FileCheck %s --check-prefixes=CHECK-implicit-conversion,CHECK-implicit-conversion-RECOVER
// RUN: %clang -fsanitize=implicit-conversion -fsanitize-recover=implicit-conversion %s -### 2>&1 | FileCheck %s --check-prefixes=CHECK-implicit-conversion,CHECK-implicit-conversion-RECOVER // RUN: %clang -fsanitize=implicit-conversion -fsanitize-recover=implicit-conversion %s -### 2>&1 | FileCheck %s --check-prefixes=CHECK-implicit-conversion,CHECK-implicit-conversion-RECOVER
// RUN: %clang -fsanitize=implicit-conversion -fno-sanitize-recover=implicit-conversion %s -### 2>&1 | FileCheck %s --check-prefixes=CHECK-implicit-conversion,CHECK-implicit-conversion-NORECOVER // RUN: %clang -fsanitize=implicit-conversion -fno-sanitize-recover=implicit-conversion %s -### 2>&1 | FileCheck %s --check-prefixes=CHECK-implicit-conversion,CHECK-implicit-conversion-NORECOVER
// RUN: %clang -fsanitize=implicit-conversion -fsanitize-trap=implicit-conversion %s -### 2>&1 | FileCheck %s --check-prefixes=CHECK-implicit-conversion,CHECK-implicit-conversion-TRAP // RUN: %clang -fsanitize=implicit-conversion -fsanitize-trap=implicit-conversion %s -### 2>&1 | FileCheck %s --check-prefixes=CHECK-implicit-conversion,CHECK-implicit-conversion-TRAP
// CHECK-implicit-conversion: "-fsanitize={{((implicit-unsigned-integer-truncation|implicit-signed-integer-truncation|implicit-integer-sign-change),?){3}"}} // CHECK-implicit-conversion: "-fsanitize={{((implicit-unsigned-integer-truncation|implicit-signed-integer-truncation|implicit-integer-sign-change),?){3}"}}
// CHECK-implicit-conversion-RECOVER: "-fsanitize-recover={{((implicit-unsigned-integer-truncation|implicit-signed-integer-truncation|implicit-integer-sign-change),?){3}"}} // CHECK-implicit-conversion-RECOVER: "-fsanitize-recover={{((implicit-unsigned-integer-truncation|implicit-signed-integer-truncation|implicit-integer-sign-change),?){3}"}}
// CHECK-implicit-conversion-RECOVER-NOT: "-fno-sanitize-recover={{((implicit-unsigned-integer-truncation|implicit-signed-integer-truncation|implicit-integer-sign-change),?){3}"}} // CHECK-implicit-conversion-RECOVER-NOT: "-fno-sanitize-recover={{((implicit-unsigned-integer-truncation|implicit-signed-integer-truncation|implicit-integer-sign-change),?){3}"}}
โ–ฒ Show 20 Lines โ€ข Show All 849 Lines โ€ข โ–ผ Show 20 Lines
// CHECK-DIVBYZERO-RECOVER: "-fsanitize-recover=float-divide-by-zero" // CHECK-DIVBYZERO-RECOVER: "-fsanitize-recover=float-divide-by-zero"
// CHECK-DIVBYZERO-NORECOVER-NOT: "-fsanitize-recover=float-divide-by-zero" // CHECK-DIVBYZERO-NORECOVER-NOT: "-fsanitize-recover=float-divide-by-zero"
// CHECK-DIVBYZERO-TRAP: "-fsanitize-trap=float-divide-by-zero" // CHECK-DIVBYZERO-TRAP: "-fsanitize-trap=float-divide-by-zero"
// RUN: %clang -fsanitize=float-divide-by-zero -fsanitize-minimal-runtime %s -### 2>&1 | FileCheck %s --check-prefixes=CHECK-DIVBYZERO,CHECK-DIVBYZERO-MINIMAL // RUN: %clang -fsanitize=float-divide-by-zero -fsanitize-minimal-runtime %s -### 2>&1 | FileCheck %s --check-prefixes=CHECK-DIVBYZERO,CHECK-DIVBYZERO-MINIMAL
// CHECK-DIVBYZERO-MINIMAL: "-fsanitize-minimal-runtime" // CHECK-DIVBYZERO-MINIMAL: "-fsanitize-minimal-runtime"
// RUN: %clang -fsanitize=undefined,float-divide-by-zero %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-DIVBYZERO-UBSAN // RUN: %clang -fsanitize=undefined,float-divide-by-zero %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-DIVBYZERO-UBSAN
// CHECK-DIVBYZERO-UBSAN: "-fsanitize={{.*}},float-divide-by-zero,{{.*}}" // CHECK-DIVBYZERO-UBSAN: "-fsanitize={{.*}},float-divide-by-zero,{{.*}}"
vskUnsubmitted
Done
ReplyInline Actions

Not sure I follow this one. Why is 'NORECOVER' not expecting to see "-fno-sanitize-recover=unsigned-shift-base"?

vsk: Not sure I follow this one. Why is 'NORECOVER' not expecting to see "-fno-sanitizeโ€ฆ
jfbAuthorUnsubmitted
Done
ReplyInline Actions

I have no idea! Other parts of this file do this:

// CHECK-implicit-conversion-NORECOVER-NOT: "-fno-sanitize-recover={{((implicit-unsigned-integer-truncation|implicit-signed-integer-truncation|implicit-integer-sign-change),?){3}"}} // ???
// CHECK-implicit-integer-arithmetic-value-change-NORECOVER-NOT: "-fno-sanitize-recover={{((implicit-signed-integer-truncation|implicit-integer-sign-change),?){2}"}} // ???
// CHECK-implicit-integer-truncation-NORECOVER-NOT: "-fno-sanitize-recover={{((implicit-unsigned-integer-truncation|implicit-signed-integer-truncation),?){2}"}} // ???

I was hoping someone who's touched this before would know.

jfb: I have no idea! Other parts of this file do this: ``` // CHECK-implicit-conversion-NORECOVERโ€ฆ
vskUnsubmitted
Done
ReplyInline Actions

The CHECK-implicit-conversion-NORECOVER-NOT regex looks fishy. There's more parens in there than I'd expect: perhaps that explains why the test passes?

Just above your change, I see something that's closer to what I expect:

// RUN: %clang -fsanitize=float-divide-by-zero %s -fno-sanitize-recover=float-divide-by-zero -### 2>&1 | FileCheck %s --check-prefixes=CHECK-DIVBYZERO,CHECK-DIVBYZERO-NORECOVER
...
// CHECK-DIVBYZERO-NORECOVER-NOT: "-fsanitize-recover=float-divide-by-zero"
vsk: The CHECK-implicit-conversion-NORECOVER-NOT regex looks fishy. There's more parens in thereโ€ฆ
eugenisUnsubmitted
Done
ReplyInline Actions

I think that + the following line mean that the frontend depends on the default behavior (neither recover nor no-recover).

eugenis: I think that + the following line mean that the frontend depends on the default behaviorโ€ฆ

compiler-rt/test/ubsan/TestCases/Integer/unsigned-shift.cpp

  • This file was added.
// RUN: %clangxx -fsanitize=unsigned-shift-base %s -o %t1 && not %run %t1 2>&1 | FileCheck %s
// RUN: %clangxx -fsanitize=unsigned-shift-base,shift-exponent %s -o %t1 && not %run %t1 2>&1 | FileCheck %s
jfbAuthorUnsubmitted
Done
ReplyInline Actions

I don't understand this test... when I run it with lit it fails (and it seems like the bots agree), but manually it works. Am I doing it wrong?

jfb: I don't understand this test... when I run it with lit it fails (and it seems like the botsโ€ฆ
vskUnsubmitted
Done
ReplyInline Actions

Do you need to explicitly return 1 or something to get a non-zero exit code?

vsk: Do you need to explicitly `return 1` or something to get a non-zero exit code?
jfbAuthorUnsubmitted
Done
ReplyInline Actions

That should be implicit, but I added it regardless to make sure. It's happy now ๐Ÿคทโ€โ™‚๏ธ

jfb: That should be implicit, but I added it regardless to make sure. It's happy now ๐Ÿคทโ€โ™‚๏ธ
#define shift(val, amount) ({ \
volatile unsigned _v = (val); \
volatile unsigned _a = (amount); \
unsigned res = _v << _a; \
vskUnsubmitted
Done
ReplyInline Actions

Does the test not work without the volatiles?

vsk: Does the test not work without the volatiles?
jfbAuthorUnsubmitted
Done
ReplyInline Actions

It seems that LLVM sees too much without volatile, yes.

jfb: It seems that LLVM sees too much without volatile, yes.
vskUnsubmitted
Done
ReplyInline Actions

The optimizer isn't running. Perhaps this is necessary because clang's constant folder kicks in?

vsk: The optimizer isn't running. Perhaps this is necessary because clang's constant folder kicks in?
jfbAuthorUnsubmitted
Done
ReplyInline Actions

Probably, I haven't investigate. It's brittle is the main thing, and this forces it to not be.

jfb: Probably, I haven't investigate. It's brittle is the main thing, and this forces it to not be.
res; \
})
int main() {
shift(0b00000000'00000000'00000000'00000000, 31);
shift(0b00000000'00000000'00000000'00000001, 31);
shift(0b00000000'00000000'00000000'00000010, 31); // CHECK: unsigned-shift.cpp:[[@LINE]]:3: runtime error: left shift of 2 by 31 places cannot be represented in type 'unsigned int'
shift(0b00000000'00000000'00000000'00000100, 31); // CHECK: unsigned-shift.cpp:[[@LINE]]:3: runtime error: left shift of 4 by 31 places cannot be represented in type 'unsigned int'
shift(0b00000000'00000000'00000000'00001000, 31); // CHECK: unsigned-shift.cpp:[[@LINE]]:3: runtime error: left shift of 8 by 31 places cannot be represented in type 'unsigned int'
shift(0b00000000'00000000'00000000'00010000, 31); // CHECK: unsigned-shift.cpp:[[@LINE]]:3: runtime error: left shift of 16 by 31 places cannot be represented in type 'unsigned int'
shift(0b00000000'00000000'00000000'00100000, 31); // CHECK: unsigned-shift.cpp:[[@LINE]]:3: runtime error: left shift of 32 by 31 places cannot be represented in type 'unsigned int'
shift(0b00000000'00000000'00000000'01000000, 31); // CHECK: unsigned-shift.cpp:[[@LINE]]:3: runtime error: left shift of 64 by 31 places cannot be represented in type 'unsigned int'
shift(0b00000000'00000000'00000000'10000000, 31); // CHECK: unsigned-shift.cpp:[[@LINE]]:3: runtime error: left shift of 128 by 31 places cannot be represented in type 'unsigned int'
shift(0b00000000'00000000'00000001'00000000, 31); // CHECK: unsigned-shift.cpp:[[@LINE]]:3: runtime error: left shift of 256 by 31 places cannot be represented in type 'unsigned int'
shift(0b00000000'00000000'00000010'00000000, 31); // CHECK: unsigned-shift.cpp:[[@LINE]]:3: runtime error: left shift of 512 by 31 places cannot be represented in type 'unsigned int'
shift(0b00000000'00000000'00000100'00000000, 31); // CHECK: unsigned-shift.cpp:[[@LINE]]:3: runtime error: left shift of 1024 by 31 places cannot be represented in type 'unsigned int'
shift(0b00000000'00000000'00001000'00000000, 31); // CHECK: unsigned-shift.cpp:[[@LINE]]:3: runtime error: left shift of 2048 by 31 places cannot be represented in type 'unsigned int'
shift(0b00000000'00000000'00010000'00000000, 31); // CHECK: unsigned-shift.cpp:[[@LINE]]:3: runtime error: left shift of 4096 by 31 places cannot be represented in type 'unsigned int'
shift(0b00000000'00000000'00100000'00000000, 31); // CHECK: unsigned-shift.cpp:[[@LINE]]:3: runtime error: left shift of 8192 by 31 places cannot be represented in type 'unsigned int'
shift(0b00000000'00000000'01000000'00000000, 31); // CHECK: unsigned-shift.cpp:[[@LINE]]:3: runtime error: left shift of 16384 by 31 places cannot be represented in type 'unsigned int'
shift(0b00000000'00000000'10000000'00000000, 31); // CHECK: unsigned-shift.cpp:[[@LINE]]:3: runtime error: left shift of 32768 by 31 places cannot be represented in type 'unsigned int'
shift(0b00000000'00000001'00000000'00000000, 31); // CHECK: unsigned-shift.cpp:[[@LINE]]:3: runtime error: left shift of 65536 by 31 places cannot be represented in type 'unsigned int'
shift(0b00000000'00000010'00000000'00000000, 31); // CHECK: unsigned-shift.cpp:[[@LINE]]:3: runtime error: left shift of 131072 by 31 places cannot be represented in type 'unsigned int'
shift(0b00000000'00000100'00000000'00000000, 31); // CHECK: unsigned-shift.cpp:[[@LINE]]:3: runtime error: left shift of 262144 by 31 places cannot be represented in type 'unsigned int'
shift(0b00000000'00001000'00000000'00000000, 31); // CHECK: unsigned-shift.cpp:[[@LINE]]:3: runtime error: left shift of 524288 by 31 places cannot be represented in type 'unsigned int'
shift(0b00000000'00010000'00000000'00000000, 31); // CHECK: unsigned-shift.cpp:[[@LINE]]:3: runtime error: left shift of 1048576 by 31 places cannot be represented in type 'unsigned int'
shift(0b00000000'00100000'00000000'00000000, 31); // CHECK: unsigned-shift.cpp:[[@LINE]]:3: runtime error: left shift of 2097152 by 31 places cannot be represented in type 'unsigned int'
shift(0b00000000'01000000'00000000'00000000, 31); // CHECK: unsigned-shift.cpp:[[@LINE]]:3: runtime error: left shift of 4194304 by 31 places cannot be represented in type 'unsigned int'
shift(0b00000000'10000000'00000000'00000000, 31); // CHECK: unsigned-shift.cpp:[[@LINE]]:3: runtime error: left shift of 8388608 by 31 places cannot be represented in type 'unsigned int'
shift(0b00000001'00000000'00000000'00000000, 31); // CHECK: unsigned-shift.cpp:[[@LINE]]:3: runtime error: left shift of 16777216 by 31 places cannot be represented in type 'unsigned int'
shift(0b00000010'00000000'00000000'00000000, 31); // CHECK: unsigned-shift.cpp:[[@LINE]]:3: runtime error: left shift of 33554432 by 31 places cannot be represented in type 'unsigned int'
shift(0b00000100'00000000'00000000'00000000, 31); // CHECK: unsigned-shift.cpp:[[@LINE]]:3: runtime error: left shift of 67108864 by 31 places cannot be represented in type 'unsigned int'
shift(0b00001000'00000000'00000000'00000000, 31); // CHECK: unsigned-shift.cpp:[[@LINE]]:3: runtime error: left shift of 134217728 by 31 places cannot be represented in type 'unsigned int'
shift(0b00010000'00000000'00000000'00000000, 31); // CHECK: unsigned-shift.cpp:[[@LINE]]:3: runtime error: left shift of 268435456 by 31 places cannot be represented in type 'unsigned int'
shift(0b00100000'00000000'00000000'00000000, 31); // CHECK: unsigned-shift.cpp:[[@LINE]]:3: runtime error: left shift of 536870912 by 31 places cannot be represented in type 'unsigned int'
shift(0b01000000'00000000'00000000'00000000, 31); // CHECK: unsigned-shift.cpp:[[@LINE]]:3: runtime error: left shift of 1073741824 by 31 places cannot be represented in type 'unsigned int'
shift(0b10000000'00000000'00000000'00000000, 31); // CHECK: unsigned-shift.cpp:[[@LINE]]:3: runtime error: left shift of 2147483648 by 31 places cannot be represented in type 'unsigned int'
shift(0b10000000'00000000'00000000'00000000, 00);
shift(0b10000000'00000000'00000000'00000000, 01); // CHECK: unsigned-shift.cpp:[[@LINE]]:3: runtime error: left shift of 2147483648 by 1 places cannot be represented in type 'unsigned int'
shift(0xffff'ffff, 0);
shift(0xffff'ffff, 1); // CHECK: unsigned-shift.cpp:[[@LINE]]:3: runtime error: left shift of 4294967295 by 1 places cannot be represented in type 'unsigned int'
}