From 1897cb3b9cb8f3c414fe9ccf1bf8cddf387953cb Mon Sep 17 00:00:00 2001
From: Will Dietz
Date: Tue, 27 Nov 2012 15:01:55 +0000
Subject: [PATCH] Add -fsanitize=integer for reporting suspicious integer
behaviors.
Introduces new sanitizer "unsigned-integer-overflow".
llvm-svn: 168701
---
clang/docs/UsersManual.html | 22 ++--
clang/include/clang/Basic/Sanitizers.def | 30 ++++--
clang/lib/CodeGen/CGExprScalar.cpp | 74 +++++++++----
clang/lib/Driver/SanitizerArgs.h | 2 +-
clang/test/CodeGen/catch-undef-behavior.c | 2 +-
clang/test/CodeGen/unsigned-overflow.c | 125 +++++++++++++++++++++
clang/test/CodeGen/unsigned-promotion.c | 143 +++++++++++++++++++++++++
clang/test/CodeGen/unsigned-trapv.c | 38 +++++++
clang/test/CodeGenCXX/catch-undef-behavior.cpp | 2 +-
clang/test/Driver/fsanitize.c | 9 +-
10 files changed, 403 insertions(+), 44 deletions(-)
create mode 100644 clang/test/CodeGen/unsigned-overflow.c
create mode 100644 clang/test/CodeGen/unsigned-promotion.c
create mode 100644 clang/test/CodeGen/unsigned-trapv.c
diff --git a/clang/docs/UsersManual.html b/clang/docs/UsersManual.html
index 35fc5dc..967d0db 100644
--- a/clang/docs/UsersManual.html
+++ b/clang/docs/UsersManual.html
@@ -875,21 +875,27 @@ likely to affect PCH files that reference a large number of headers.
- -fsanitize=check1,check2: Turn on runtime checks
-for various forms of undefined behavior.
+for various forms of undefined or suspicious behavior.
- This option controls whether Clang adds runtime checks for various forms of
-undefined behavior, and is disabled by default. If a check fails, a diagnostic
-message is produced at runtime explaining the problem. The main checks are:
+undefined or suspicious behavior, and is disabled by default. If a check
+fails, a diagnostic message is produced at runtime explaining the problem. The
+main checks are:
- -fsanitize=address:
AddressSanitizer, a memory error
detector.
+- -fsanitize=integer:
+ Enables checks for undefined or suspicious integer behavior.
- -fsanitize=thread:
ThreadSanitizer, an experimental
data race detector. Not ready for widespread use.
- -fsanitize=undefined:
- Enables all the checks listed below.
+ Fast and compatible undefined behavior checker. Enables the undefined behavior
+ checks that have small runtime cost and no impact on address space layout
+ or ABI. This includes all of the checks listed below other than unsigned
+ integer overflow.
The following more fine-grained checks are also available:
@@ -897,11 +903,13 @@ The following more fine-grained checks are also available:
- -fsanitize=alignment:
Use of a misaligned pointer or creation of a misaligned reference.
-- -fsanitize=divide-by-zero:
- Division by zero.
- -fsanitize=float-cast-overflow:
Conversion to, from, or between floating-point types which would overflow
the destination.
+- -fsanitize=float-divide-by-zero:
+ Floating point division by zero.
+- -fsanitize=integer-divide-by-zero:
+ Integer division by zero.
- -fsanitize=null:
Use of a null pointer or creation of a null reference.
- -fsanitize=object-size:
@@ -923,6 +931,8 @@ The following more fine-grained checks are also available:
and checking for overflow in signed division (INT_MIN / -1).
- -fsanitize=unreachable:
If control flow reaches __builtin_unreachable.
+- -fsanitize=unsigned-integer-overflow:
+ Unsigned integer overflows.
- -fsanitize=vla-bound:
A variable-length array whose bound does not evaluate to a positive value.
- -fsanitize=vptr:
diff --git a/clang/include/clang/Basic/Sanitizers.def b/clang/include/clang/Basic/Sanitizers.def
index 135832d..1085392 100644
--- a/clang/include/clang/Basic/Sanitizers.def
+++ b/clang/include/clang/Basic/Sanitizers.def
@@ -45,26 +45,34 @@ SANITIZER("address", Address)
SANITIZER("thread", Thread)
// UndefinedBehaviorSanitizer
-SANITIZER("signed-integer-overflow", SignedIntegerOverflow)
-SANITIZER("divide-by-zero", DivideByZero)
+SANITIZER("alignment", Alignment)
+SANITIZER("bounds", Bounds)
+SANITIZER("float-cast-overflow", FloatCastOverflow)
+SANITIZER("float-divide-by-zero", FloatDivideByZero)
+SANITIZER("integer-divide-by-zero", IntegerDivideByZero)
+SANITIZER("null", Null)
+SANITIZER("object-size", ObjectSize)
+SANITIZER("return", Return)
SANITIZER("shift", Shift)
+SANITIZER("signed-integer-overflow", SignedIntegerOverflow)
SANITIZER("unreachable", Unreachable)
-SANITIZER("return", Return)
SANITIZER("vla-bound", VLABound)
-SANITIZER("alignment", Alignment)
-SANITIZER("null", Null)
SANITIZER("vptr", Vptr)
-SANITIZER("object-size", ObjectSize)
-SANITIZER("float-cast-overflow", FloatCastOverflow)
-SANITIZER("bounds", Bounds)
+
+// IntegerSanitizer
+SANITIZER("unsigned-integer-overflow", UnsignedIntegerOverflow)
// -fsanitize=undefined (and its alias -fcatch-undefined-behavior). This should
// include all the sanitizers which have low overhead, no ABI or address space
// layout implications, and only catch undefined behavior.
SANITIZER_GROUP("undefined", Undefined,
- SignedIntegerOverflow | DivideByZero | Shift | Unreachable |
- Return | VLABound | Alignment | Null | Vptr | ObjectSize |
- FloatCastOverflow | Bounds)
+ Alignment | Bounds | FloatCastOverflow | FloatDivideByZero |
+ IntegerDivideByZero | Null | ObjectSize | Return | Shift |
+ SignedIntegerOverflow | Unreachable | VLABound | Vptr)
+
+SANITIZER_GROUP("integer", Integer,
+ SignedIntegerOverflow | UnsignedIntegerOverflow | Shift |
+ IntegerDivideByZero)
#undef SANITIZER
#undef SANITIZER_GROUP
diff --git a/clang/lib/CodeGen/CGExprScalar.cpp b/clang/lib/CodeGen/CGExprScalar.cpp
index ed8b9c6..298be92 100644
--- a/clang/lib/CodeGen/CGExprScalar.cpp
+++ b/clang/lib/CodeGen/CGExprScalar.cpp
@@ -414,6 +414,10 @@ public:
}
}
+ if (Ops.Ty->isUnsignedIntegerType() &&
+ CGF.getLangOpts().SanitizeUnsignedIntegerOverflow)
+ return EmitOverflowCheckedBinOp(Ops);
+
if (Ops.LHS->getType()->isFPOrFPVectorTy())
return Builder.CreateFMul(Ops.LHS, Ops.RHS, "mul");
return Builder.CreateMul(Ops.LHS, Ops.RHS, "mul");
@@ -1472,11 +1476,23 @@ ScalarExprEmitter::EmitScalarPrePostIncDec(const UnaryOperator *E, LValue LV,
// Note that signed integer inc/dec with width less than int can't
// overflow because of promotion rules; we're just eliding a few steps here.
- if (type->isSignedIntegerOrEnumerationType() &&
- value->getType()->getPrimitiveSizeInBits() >=
- CGF.IntTy->getBitWidth())
+ if (value->getType()->getPrimitiveSizeInBits() >=
+ CGF.IntTy->getBitWidth() &&
+ type->isSignedIntegerOrEnumerationType()) {
value = EmitAddConsiderOverflowBehavior(E, value, amt, isInc);
- else
+ } else if (value->getType()->getPrimitiveSizeInBits() >=
+ CGF.IntTy->getBitWidth() &&
+ type->isUnsignedIntegerType() &&
+ CGF.getLangOpts().SanitizeUnsignedIntegerOverflow) {
+ BinOpInfo BinOp;
+ BinOp.LHS = value;
+ BinOp.RHS = llvm::ConstantInt::get(value->getType(), 1, false);
+ BinOp.Ty = E->getType();
+ BinOp.Opcode = isInc ? BO_Add : BO_Sub;
+ BinOp.FPContractable = false;
+ BinOp.E = E;
+ value = EmitOverflowCheckedBinOp(BinOp);
+ } else
value = Builder.CreateAdd(value, amt, isInc ? "inc" : "dec");
// Next most common: pointer increment.
@@ -1926,7 +1942,7 @@ void ScalarExprEmitter::EmitUndefinedBehaviorIntegerDivAndRemCheck(
const BinOpInfo &Ops, llvm::Value *Zero, bool isDiv) {
llvm::Value *Cond = 0;
- if (CGF.getLangOpts().SanitizeDivideByZero)
+ if (CGF.getLangOpts().SanitizeIntegerDivideByZero)
Cond = Builder.CreateICmpNE(Ops.RHS, Zero);
if (CGF.getLangOpts().SanitizeSignedIntegerOverflow &&
@@ -1948,16 +1964,17 @@ void ScalarExprEmitter::EmitUndefinedBehaviorIntegerDivAndRemCheck(
}
Value *ScalarExprEmitter::EmitDiv(const BinOpInfo &Ops) {
- if (CGF.getLangOpts().SanitizeDivideByZero ||
- CGF.getLangOpts().SanitizeSignedIntegerOverflow) {
+ if ((CGF.getLangOpts().SanitizeIntegerDivideByZero ||
+ CGF.getLangOpts().SanitizeSignedIntegerOverflow) &&
+ Ops.Ty->isIntegerType()) {
llvm::Value *Zero = llvm::Constant::getNullValue(ConvertType(Ops.Ty));
-
- if (Ops.Ty->isIntegerType())
- EmitUndefinedBehaviorIntegerDivAndRemCheck(Ops, Zero, true);
- else if (CGF.getLangOpts().SanitizeDivideByZero &&
- Ops.Ty->isRealFloatingType())
- EmitBinOpCheck(Builder.CreateFCmpUNE(Ops.RHS, Zero), Ops);
+ EmitUndefinedBehaviorIntegerDivAndRemCheck(Ops, Zero, true);
+ } else if (CGF.getLangOpts().SanitizeFloatDivideByZero &&
+ Ops.Ty->isRealFloatingType()) {
+ llvm::Value *Zero = llvm::Constant::getNullValue(ConvertType(Ops.Ty));
+ EmitBinOpCheck(Builder.CreateFCmpUNE(Ops.RHS, Zero), Ops);
}
+
if (Ops.LHS->getType()->isFPOrFPVectorTy()) {
llvm::Value *Val = Builder.CreateFDiv(Ops.LHS, Ops.RHS, "div");
if (CGF.getLangOpts().OpenCL) {
@@ -1978,10 +1995,10 @@ Value *ScalarExprEmitter::EmitDiv(const BinOpInfo &Ops) {
Value *ScalarExprEmitter::EmitRem(const BinOpInfo &Ops) {
// Rem in C can't be a floating point type: C99 6.5.5p2.
- if (CGF.getLangOpts().SanitizeDivideByZero) {
+ if (CGF.getLangOpts().SanitizeIntegerDivideByZero) {
llvm::Value *Zero = llvm::Constant::getNullValue(ConvertType(Ops.Ty));
- if (Ops.Ty->isIntegerType())
+ if (Ops.Ty->isIntegerType())
EmitUndefinedBehaviorIntegerDivAndRemCheck(Ops, Zero, false);
}
@@ -1995,27 +2012,32 @@ Value *ScalarExprEmitter::EmitOverflowCheckedBinOp(const BinOpInfo &Ops) {
unsigned IID;
unsigned OpID = 0;
+ bool isSigned = Ops.Ty->isSignedIntegerOrEnumerationType();
switch (Ops.Opcode) {
case BO_Add:
case BO_AddAssign:
OpID = 1;
- IID = llvm::Intrinsic::sadd_with_overflow;
+ IID = isSigned ? llvm::Intrinsic::sadd_with_overflow :
+ llvm::Intrinsic::uadd_with_overflow;
break;
case BO_Sub:
case BO_SubAssign:
OpID = 2;
- IID = llvm::Intrinsic::ssub_with_overflow;
+ IID = isSigned ? llvm::Intrinsic::ssub_with_overflow :
+ llvm::Intrinsic::usub_with_overflow;
break;
case BO_Mul:
case BO_MulAssign:
OpID = 3;
- IID = llvm::Intrinsic::smul_with_overflow;
+ IID = isSigned ? llvm::Intrinsic::smul_with_overflow :
+ llvm::Intrinsic::umul_with_overflow;
break;
default:
llvm_unreachable("Unsupported operation for overflow detection");
}
OpID <<= 1;
- OpID |= 1;
+ if (isSigned)
+ OpID |= 1;
llvm::Type *opTy = CGF.CGM.getTypes().ConvertType(Ops.Ty);
@@ -2031,7 +2053,7 @@ Value *ScalarExprEmitter::EmitOverflowCheckedBinOp(const BinOpInfo &Ops) {
if (handlerName->empty()) {
// If the signed-integer-overflow sanitizer is enabled, emit a call to its
// runtime. Otherwise, this is a -ftrapv check, so just emit a trap.
- if (CGF.getLangOpts().SanitizeSignedIntegerOverflow)
+ if (!isSigned || CGF.getLangOpts().SanitizeSignedIntegerOverflow)
EmitBinOpCheck(Builder.CreateNot(overflow), Ops);
else
CGF.EmitTrapvCheck(Builder.CreateNot(overflow));
@@ -2256,7 +2278,11 @@ Value *ScalarExprEmitter::EmitAdd(const BinOpInfo &op) {
return EmitOverflowCheckedBinOp(op);
}
}
-
+
+ if (op.Ty->isUnsignedIntegerType() &&
+ CGF.getLangOpts().SanitizeUnsignedIntegerOverflow)
+ return EmitOverflowCheckedBinOp(op);
+
if (op.LHS->getType()->isFPOrFPVectorTy()) {
// Try to form an fmuladd.
if (Value *FMulAdd = tryEmitFMulAdd(op, CGF, Builder))
@@ -2283,7 +2309,11 @@ Value *ScalarExprEmitter::EmitSub(const BinOpInfo &op) {
return EmitOverflowCheckedBinOp(op);
}
}
-
+
+ if (op.Ty->isUnsignedIntegerType() &&
+ CGF.getLangOpts().SanitizeUnsignedIntegerOverflow)
+ return EmitOverflowCheckedBinOp(op);
+
if (op.LHS->getType()->isFPOrFPVectorTy()) {
// Try to form an fmuladd.
if (Value *FMulAdd = tryEmitFMulAdd(op, CGF, Builder, true))
diff --git a/clang/lib/Driver/SanitizerArgs.h b/clang/lib/Driver/SanitizerArgs.h
index 85f81f4..ffc1493 100644
--- a/clang/lib/Driver/SanitizerArgs.h
+++ b/clang/lib/Driver/SanitizerArgs.h
@@ -30,7 +30,7 @@ class SanitizerArgs {
#include "clang/Basic/Sanitizers.def"
NeedsAsanRt = Address,
NeedsTsanRt = Thread,
- NeedsUbsanRt = Undefined ^ Bounds
+ NeedsUbsanRt = (Undefined & ~Bounds) | Integer
};
unsigned Kind;
diff --git a/clang/test/CodeGen/catch-undef-behavior.c b/clang/test/CodeGen/catch-undef-behavior.c
index 4198b62..7d50cea3 100644
--- a/clang/test/CodeGen/catch-undef-behavior.c
+++ b/clang/test/CodeGen/catch-undef-behavior.c
@@ -1,4 +1,4 @@
-// RUN: %clang_cc1 -fsanitize=alignment,null,object-size,shift,return,signed-integer-overflow,vla-bound,float-cast-overflow,divide-by-zero -emit-llvm %s -o - -triple x86_64-linux-gnu | FileCheck %s
+// RUN: %clang_cc1 -fsanitize=alignment,null,object-size,shift,return,signed-integer-overflow,vla-bound,float-cast-overflow,integer-divide-by-zero -emit-llvm %s -o - -triple x86_64-linux-gnu | FileCheck %s
// RUN: %clang_cc1 -fsanitize=null -emit-llvm %s -o - -triple x86_64-linux-gnu | FileCheck %s --check-prefix=CHECK-NULL
// RUN: %clang_cc1 -fsanitize=signed-integer-overflow -emit-llvm %s -o - -triple x86_64-linux-gnu | FileCheck %s --check-prefix=CHECK-OVERFLOW
diff --git a/clang/test/CodeGen/unsigned-overflow.c b/clang/test/CodeGen/unsigned-overflow.c
new file mode 100644
index 0000000..341ea35
--- /dev/null
+++ b/clang/test/CodeGen/unsigned-overflow.c
@@ -0,0 +1,125 @@
+// RUN: %clang_cc1 -triple x86_64-apple-darwin10 -fsanitize=unsigned-integer-overflow %s -emit-llvm -o - | FileCheck %s
+// Verify checked operations are emitted for integers and longs.
+// unsigned short/char's tested in unsigned-promotion.c
+
+unsigned long li, lj, lk;
+unsigned int ii, ij, ik;
+
+extern void opaquelong(unsigned long);
+extern void opaqueint(unsigned int);
+
+// CHECK: define void @testlongadd()
+void testlongadd() {
+
+ // CHECK: [[T1:%.*]] = load i64* @lj
+ // CHECK-NEXT: [[T2:%.*]] = load i64* @lk
+ // CHECK-NEXT: [[T3:%.*]] = call { i64, i1 } @llvm.uadd.with.overflow.i64(i64 [[T1]], i64 [[T2]])
+ // CHECK-NEXT: [[T4:%.*]] = extractvalue { i64, i1 } [[T3]], 0
+ // CHECK-NEXT: [[T5:%.*]] = extractvalue { i64, i1 } [[T3]], 1
+ // CHECK: call void @__ubsan_handle_add_overflow
+ li = lj + lk;
+}
+
+// CHECK: define void @testlongsub()
+void testlongsub() {
+
+ // CHECK: [[T1:%.*]] = load i64* @lj
+ // CHECK-NEXT: [[T2:%.*]] = load i64* @lk
+ // CHECK-NEXT: [[T3:%.*]] = call { i64, i1 } @llvm.usub.with.overflow.i64(i64 [[T1]], i64 [[T2]])
+ // CHECK-NEXT: [[T4:%.*]] = extractvalue { i64, i1 } [[T3]], 0
+ // CHECK-NEXT: [[T5:%.*]] = extractvalue { i64, i1 } [[T3]], 1
+ // CHECK: call void @__ubsan_handle_sub_overflow
+ li = lj - lk;
+}
+
+// CHECK: define void @testlongmul()
+void testlongmul() {
+
+ // CHECK: [[T1:%.*]] = load i64* @lj
+ // CHECK-NEXT: [[T2:%.*]] = load i64* @lk
+ // CHECK-NEXT: [[T3:%.*]] = call { i64, i1 } @llvm.umul.with.overflow.i64(i64 [[T1]], i64 [[T2]])
+ // CHECK-NEXT: [[T4:%.*]] = extractvalue { i64, i1 } [[T3]], 0
+ // CHECK-NEXT: [[T5:%.*]] = extractvalue { i64, i1 } [[T3]], 1
+ // CHECK: call void @__ubsan_handle_mul_overflow
+ li = lj * lk;
+}
+
+// CHECK: define void @testlongpostinc()
+void testlongpostinc() {
+ opaquelong(li++);
+
+ // CHECK: [[T1:%.*]] = load i64* @li
+ // CHECK-NEXT: [[T2:%.*]] = call { i64, i1 } @llvm.uadd.with.overflow.i64(i64 [[T1]], i64 1)
+ // CHECK-NEXT: [[T3:%.*]] = extractvalue { i64, i1 } [[T2]], 0
+ // CHECK-NEXT: [[T4:%.*]] = extractvalue { i64, i1 } [[T2]], 1
+ // CHECK: call void @__ubsan_handle_add_overflow
+}
+
+// CHECK: define void @testlongpreinc()
+void testlongpreinc() {
+ opaquelong(++li);
+
+ // CHECK: [[T1:%.*]] = load i64* @li
+ // CHECK-NEXT: [[T2:%.*]] = call { i64, i1 } @llvm.uadd.with.overflow.i64(i64 [[T1]], i64 1)
+ // CHECK-NEXT: [[T3:%.*]] = extractvalue { i64, i1 } [[T2]], 0
+ // CHECK-NEXT: [[T4:%.*]] = extractvalue { i64, i1 } [[T2]], 1
+ // CHECK: call void @__ubsan_handle_add_overflow
+}
+
+// CHECK: define void @testintadd()
+void testintadd() {
+
+ // CHECK: [[T1:%.*]] = load i32* @ij
+ // CHECK-NEXT: [[T2:%.*]] = load i32* @ik
+ // CHECK-NEXT: [[T3:%.*]] = call { i32, i1 } @llvm.uadd.with.overflow.i32(i32 [[T1]], i32 [[T2]])
+ // CHECK-NEXT: [[T4:%.*]] = extractvalue { i32, i1 } [[T3]], 0
+ // CHECK-NEXT: [[T5:%.*]] = extractvalue { i32, i1 } [[T3]], 1
+ // CHECK: call void @__ubsan_handle_add_overflow
+ ii = ij + ik;
+}
+
+// CHECK: define void @testintsub()
+void testintsub() {
+
+ // CHECK: [[T1:%.*]] = load i32* @ij
+ // CHECK-NEXT: [[T2:%.*]] = load i32* @ik
+ // CHECK-NEXT: [[T3:%.*]] = call { i32, i1 } @llvm.usub.with.overflow.i32(i32 [[T1]], i32 [[T2]])
+ // CHECK-NEXT: [[T4:%.*]] = extractvalue { i32, i1 } [[T3]], 0
+ // CHECK-NEXT: [[T5:%.*]] = extractvalue { i32, i1 } [[T3]], 1
+ // CHECK: call void @__ubsan_handle_sub_overflow
+ ii = ij - ik;
+}
+
+// CHECK: define void @testintmul()
+void testintmul() {
+
+ // CHECK: [[T1:%.*]] = load i32* @ij
+ // CHECK-NEXT: [[T2:%.*]] = load i32* @ik
+ // CHECK-NEXT: [[T3:%.*]] = call { i32, i1 } @llvm.umul.with.overflow.i32(i32 [[T1]], i32 [[T2]])
+ // CHECK-NEXT: [[T4:%.*]] = extractvalue { i32, i1 } [[T3]], 0
+ // CHECK-NEXT: [[T5:%.*]] = extractvalue { i32, i1 } [[T3]], 1
+ // CHECK: call void @__ubsan_handle_mul_overflow
+ ii = ij * ik;
+}
+
+// CHECK: define void @testintpostinc()
+void testintpostinc() {
+ opaqueint(ii++);
+
+ // CHECK: [[T1:%.*]] = load i32* @ii
+ // CHECK-NEXT: [[T2:%.*]] = call { i32, i1 } @llvm.uadd.with.overflow.i32(i32 [[T1]], i32 1)
+ // CHECK-NEXT: [[T3:%.*]] = extractvalue { i32, i1 } [[T2]], 0
+ // CHECK-NEXT: [[T4:%.*]] = extractvalue { i32, i1 } [[T2]], 1
+ // CHECK: call void @__ubsan_handle_add_overflow
+}
+
+// CHECK: define void @testintpreinc()
+void testintpreinc() {
+ opaqueint(++ii);
+
+ // CHECK: [[T1:%.*]] = load i32* @ii
+ // CHECK-NEXT: [[T2:%.*]] = call { i32, i1 } @llvm.uadd.with.overflow.i32(i32 [[T1]], i32 1)
+ // CHECK-NEXT: [[T3:%.*]] = extractvalue { i32, i1 } [[T2]], 0
+ // CHECK-NEXT: [[T4:%.*]] = extractvalue { i32, i1 } [[T2]], 1
+ // CHECK: call void @__ubsan_handle_add_overflow
+}
diff --git a/clang/test/CodeGen/unsigned-promotion.c b/clang/test/CodeGen/unsigned-promotion.c
new file mode 100644
index 0000000..c263c0c
--- /dev/null
+++ b/clang/test/CodeGen/unsigned-promotion.c
@@ -0,0 +1,143 @@
+// Check -fsanitize=signed-integer-overflow and
+// -fsanitize=unsigned-integer-overflow with promoted unsigned types
+//
+// RUN: %clang_cc1 -triple x86_64-apple-darwin10 -emit-llvm -o - %s \
+// RUN: -fsanitize=signed-integer-overflow | FileCheck %s --check-prefix=CHECKS
+// RUN: %clang_cc1 -triple x86_64-apple-darwin10 -emit-llvm -o - %s \
+// RUN: -fsanitize=unsigned-integer-overflow | FileCheck %s --check-prefix=CHECKU
+
+unsigned short si, sj, sk;
+unsigned char ci, cj, ck;
+
+extern void opaqueshort(unsigned short);
+extern void opaquechar(unsigned char);
+
+// CHECKS: define void @testshortadd()
+// CHECKU: define void @testshortadd()
+void testshortadd() {
+ // CHECKS: load i16* @sj
+ // CHECKS: load i16* @sk
+ // CHECKS: [[T1:%.*]] = call { i32, i1 } @llvm.sadd.with.overflow.i32(i32 [[T2:%.*]], i32 [[T3:%.*]])
+ // CHECKS-NEXT: [[T4:%.*]] = extractvalue { i32, i1 } [[T1]], 0
+ // CHECKS-NEXT: [[T5:%.*]] = extractvalue { i32, i1 } [[T1]], 1
+ // CHECKS: call void @__ubsan_handle_add_overflow
+ //
+ // CHECKU: [[T1:%.*]] = load i16* @sj
+ // CHECKU: [[T2:%.*]] = zext i16 [[T1]]
+ // CHECKU: [[T3:%.*]] = load i16* @sk
+ // CHECKU: [[T4:%.*]] = zext i16 [[T3]]
+ // CHECKU-NOT: llvm.sadd
+ // CHECKU-NOT: llvm.uadd
+ // CHECKU: [[T5:%.*]] = add nsw i32 [[T2]], [[T4]]
+
+ si = sj + sk;
+}
+
+// CHECKS: define void @testshortsub()
+// CHECKU: define void @testshortsub()
+void testshortsub() {
+
+ // CHECKS: load i16* @sj
+ // CHECKS: load i16* @sk
+ // CHECKS: [[T1:%.*]] = call { i32, i1 } @llvm.ssub.with.overflow.i32(i32 [[T2:%.*]], i32 [[T3:%.*]])
+ // CHECKS-NEXT: [[T4:%.*]] = extractvalue { i32, i1 } [[T1]], 0
+ // CHECKS-NEXT: [[T5:%.*]] = extractvalue { i32, i1 } [[T1]], 1
+ // CHECKS: call void @__ubsan_handle_sub_overflow
+ //
+ // CHECKU: [[T1:%.*]] = load i16* @sj
+ // CHECKU: [[T2:%.*]] = zext i16 [[T1]]
+ // CHECKU: [[T3:%.*]] = load i16* @sk
+ // CHECKU: [[T4:%.*]] = zext i16 [[T3]]
+ // CHECKU-NOT: llvm.ssub
+ // CHECKU-NOT: llvm.usub
+ // CHECKU: [[T5:%.*]] = sub nsw i32 [[T2]], [[T4]]
+
+ si = sj - sk;
+}
+
+// CHECKS: define void @testshortmul()
+// CHECKU: define void @testshortmul()
+void testshortmul() {
+
+ // CHECKS: load i16* @sj
+ // CHECKS: load i16* @sk
+ // CHECKS: [[T1:%.*]] = call { i32, i1 } @llvm.smul.with.overflow.i32(i32 [[T2:%.*]], i32 [[T3:%.*]])
+ // CHECKS-NEXT: [[T4:%.*]] = extractvalue { i32, i1 } [[T1]], 0
+ // CHECKS-NEXT: [[T5:%.*]] = extractvalue { i32, i1 } [[T1]], 1
+ // CHECKS: call void @__ubsan_handle_mul_overflow
+ //
+ // CHECKU: [[T1:%.*]] = load i16* @sj
+ // CHECKU: [[T2:%.*]] = zext i16 [[T1]]
+ // CHECKU: [[T3:%.*]] = load i16* @sk
+ // CHECKU: [[T4:%.*]] = zext i16 [[T3]]
+ // CHECKU-NOT: llvm.smul
+ // CHECKU-NOT: llvm.umul
+ // CHECKU: [[T5:%.*]] = mul nsw i32 [[T2]], [[T4]]
+ si = sj * sk;
+}
+
+// CHECKS: define void @testcharadd()
+// CHECKU: define void @testcharadd()
+void testcharadd() {
+
+ // CHECKS: load i8* @cj
+ // CHECKS: load i8* @ck
+ // CHECKS: [[T1:%.*]] = call { i32, i1 } @llvm.sadd.with.overflow.i32(i32 [[T2:%.*]], i32 [[T3:%.*]])
+ // CHECKS-NEXT: [[T4:%.*]] = extractvalue { i32, i1 } [[T1]], 0
+ // CHECKS-NEXT: [[T5:%.*]] = extractvalue { i32, i1 } [[T1]], 1
+ // CHECKS: call void @__ubsan_handle_add_overflow
+ //
+ // CHECKU: [[T1:%.*]] = load i8* @cj
+ // CHECKU: [[T2:%.*]] = zext i8 [[T1]]
+ // CHECKU: [[T3:%.*]] = load i8* @ck
+ // CHECKU: [[T4:%.*]] = zext i8 [[T3]]
+ // CHECKU-NOT: llvm.sadd
+ // CHECKU-NOT: llvm.uadd
+ // CHECKU: [[T5:%.*]] = add nsw i32 [[T2]], [[T4]]
+
+ ci = cj + ck;
+}
+
+// CHECKS: define void @testcharsub()
+// CHECKU: define void @testcharsub()
+void testcharsub() {
+
+ // CHECKS: load i8* @cj
+ // CHECKS: load i8* @ck
+ // CHECKS: [[T1:%.*]] = call { i32, i1 } @llvm.ssub.with.overflow.i32(i32 [[T2:%.*]], i32 [[T3:%.*]])
+ // CHECKS-NEXT: [[T4:%.*]] = extractvalue { i32, i1 } [[T1]], 0
+ // CHECKS-NEXT: [[T5:%.*]] = extractvalue { i32, i1 } [[T1]], 1
+ // CHECKS: call void @__ubsan_handle_sub_overflow
+ //
+ // CHECKU: [[T1:%.*]] = load i8* @cj
+ // CHECKU: [[T2:%.*]] = zext i8 [[T1]]
+ // CHECKU: [[T3:%.*]] = load i8* @ck
+ // CHECKU: [[T4:%.*]] = zext i8 [[T3]]
+ // CHECKU-NOT: llvm.ssub
+ // CHECKU-NOT: llvm.usub
+ // CHECKU: [[T5:%.*]] = sub nsw i32 [[T2]], [[T4]]
+
+ ci = cj - ck;
+}
+
+// CHECKS: define void @testcharmul()
+// CHECKU: define void @testcharmul()
+void testcharmul() {
+
+ // CHECKS: load i8* @cj
+ // CHECKS: load i8* @ck
+ // CHECKS: [[T1:%.*]] = call { i32, i1 } @llvm.smul.with.overflow.i32(i32 [[T2:%.*]], i32 [[T3:%.*]])
+ // CHECKS-NEXT: [[T4:%.*]] = extractvalue { i32, i1 } [[T1]], 0
+ // CHECKS-NEXT: [[T5:%.*]] = extractvalue { i32, i1 } [[T1]], 1
+ // CHECKS: call void @__ubsan_handle_mul_overflow
+ //
+ // CHECKU: [[T1:%.*]] = load i8* @cj
+ // CHECKU: [[T2:%.*]] = zext i8 [[T1]]
+ // CHECKU: [[T3:%.*]] = load i8* @ck
+ // CHECKU: [[T4:%.*]] = zext i8 [[T3]]
+ // CHECKU-NOT: llvm.smul
+ // CHECKU-NOT: llvm.umul
+ // CHECKU: [[T5:%.*]] = mul nsw i32 [[T2]], [[T4]]
+
+ ci = cj * ck;
+}
diff --git a/clang/test/CodeGen/unsigned-trapv.c b/clang/test/CodeGen/unsigned-trapv.c
new file mode 100644
index 0000000..b7aed03
--- /dev/null
+++ b/clang/test/CodeGen/unsigned-trapv.c
@@ -0,0 +1,38 @@
+// RUN: %clang_cc1 -triple x86_64-apple-darwin %s -emit-llvm -o - -fsanitize=unsigned-integer-overflow | FileCheck %s --check-prefix=UNSIGNED
+// RUN: %clang_cc1 -triple x86_64-apple-darwin %s -emit-llvm -o - -ftrapv | FileCheck %s --check-prefix=TRAPV
+// RUN: %clang_cc1 -triple x86_64-apple-darwin %s -emit-llvm -o - -fsanitize=unsigned-integer-overflow -ftrapv | FileCheck %s --check-prefix=BOTH
+// Verify that -ftrapv and -fsanitize=unsigned-integer-overflow
+// work together as expected
+
+
+// UNSIGNED: @test_signed
+// TRAPV: @test_signed
+// BOTH: @test_signed
+void test_signed() {
+ extern volatile int a, b, c;
+ // UNSIGNED: add nsw i32
+ // UNSIGNED-NOT: overflow
+ // TRAPV: sadd.with.overflow.i32
+ // TRAPV-NOT: ubsan
+ // TRAPV: llvm.trap
+ // BOTH: sadd.with.overflow.i32
+ // BOTH-NOT: ubsan
+ // BOTH: llvm.trap
+ a = b + c;
+}
+
+// UNSIGNED: @test_unsigned
+// TRAPV: @test_unsigned
+// BOTH: @test_unsigned
+void test_unsigned() {
+ extern volatile unsigned x, y, z;
+ // UNSIGNED: uadd.with.overflow.i32
+ // UNSIGNED-NOT: llvm.trap
+ // UNSIGNED: ubsan
+ // TRAPV-NOT: overflow
+ // TRAPV-NOT: llvm.trap
+ // BOTH: uadd.with.overflow.i32
+ // BOTH: ubsan
+ // BOTH-NOT: llvm.trap
+ x = y + z;
+}
diff --git a/clang/test/CodeGenCXX/catch-undef-behavior.cpp b/clang/test/CodeGenCXX/catch-undef-behavior.cpp
index fd9e3d7..9c2985c 100644
--- a/clang/test/CodeGenCXX/catch-undef-behavior.cpp
+++ b/clang/test/CodeGenCXX/catch-undef-behavior.cpp
@@ -1,4 +1,4 @@
-// RUN: %clang_cc1 -fsanitize=signed-integer-overflow,divide-by-zero,shift,unreachable,return,vla-bound,alignment,null,vptr,object-size,float-cast-overflow -emit-llvm %s -o - -triple x86_64-linux-gnu | FileCheck %s
+// RUN: %clang_cc1 -fsanitize=signed-integer-overflow,integer-divide-by-zero,float-divide-by-zero,shift,unreachable,return,vla-bound,alignment,null,vptr,object-size,float-cast-overflow -emit-llvm %s -o - -triple x86_64-linux-gnu | FileCheck %s
// CHECK: @_Z17reference_binding
void reference_binding(int *p) {
diff --git a/clang/test/Driver/fsanitize.c b/clang/test/Driver/fsanitize.c
index 9812c25..8b15864 100644
--- a/clang/test/Driver/fsanitize.c
+++ b/clang/test/Driver/fsanitize.c
@@ -1,9 +1,14 @@
// RUN: %clang -target x86_64-linux-gnu -fcatch-undefined-behavior %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-UNDEFINED
// RUN: %clang -target x86_64-linux-gnu -fsanitize=undefined %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-UNDEFINED
-// CHECK-UNDEFINED: "-fsanitize={{((signed-integer-overflow|divide-by-zero|shift|unreachable|return|vla-bound|alignment|null|vptr|object-size|float-cast-overflow|bounds),?){12}"}}
// RUN: %clang -target x86_64-linux-gnu -fsanitize=thread,undefined -fno-thread-sanitizer -fno-sanitize=float-cast-overflow,vptr %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-PARTIAL-UNDEFINED
-// CHECK-PARTIAL-UNDEFINED: "-fsanitize={{((signed-integer-overflow|divide-by-zero|shift|unreachable|return|vla-bound|alignment|null|object-size|bounds),?){10}"}}
+// CHECK-UNDEFINED: "-fsanitize={{((signed-integer-overflow|integer-divide-by-zero|float-divide-by-zero|shift|unreachable|return|vla-bound|alignment|null|vptr|object-size|float-cast-overflow|bounds),?){13}"}}
+//
+// RUN: %clang -target x86_64-linux-gnu -fsanitize=integer %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-INTEGER
+// CHECK-INTEGER: "-fsanitize={{((signed-integer-overflow|unsigned-integer-overflow|integer-divide-by-zero|shift),?){4}"}}
+
+// RUN: %clang -target x86_64-linux-gnu -fsanitize=thread,undefined -fno-thread-sanitizer -fno-sanitize=float-cast-overflow,vptr %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-PARTIAL-UNDEFINED
+// CHECK-PARTIAL-UNDEFINED: "-fsanitize={{((signed-integer-overflow|integer-divide-by-zero|float-divide-by-zero|shift|unreachable|return|vla-bound|alignment|null|object-size|bounds),?){11}"}}
// RUN: %clang -target x86_64-linux-gnu -fsanitize=vptr -fno-rtti %s -c -o /dev/null 2>&1 | FileCheck %s --check-prefix=CHECK-VPTR-NO-RTTI
// RUN: %clang -target x86_64-linux-gnu -fsanitize=undefined -fno-rtti %s -c -o /dev/null 2>&1 | FileCheck %s --check-prefix=CHECK-VPTR-NO-RTTI
--
2.7.4