From ae229d599b8ccf5475fbdf2459fc54f2cce3dec7 Mon Sep 17 00:00:00 2001 From: Chad Rosier Date: Tue, 29 Jan 2013 23:31:22 +0000 Subject: [PATCH] [ubsan] Implement the -fcatch-undefined-behavior flag using a trapping implementation; this is much more inline with the original implementation (i.e., pre-ubsan) and does not require run-time library support. The trapping implementation can be invoked using either '-fcatch-undefined-behavior' or '-fsanitize=undefined-trap -fsanitize-undefined-trap-on-error', with the latter being preferred. Eventually, the -fcatch-undefined-behavior' flag will be removed. llvm-svn: 173848 --- clang/docs/UsersManual.rst | 8 ++ clang/include/clang/Basic/Sanitizers.def | 15 ++- clang/include/clang/Driver/Options.td | 4 + clang/include/clang/Frontend/CodeGenOptions.def | 2 + clang/lib/CodeGen/CGExpr.cpp | 9 +- clang/lib/CodeGen/CGExprScalar.cpp | 2 +- clang/lib/CodeGen/CodeGenFunction.h | 2 +- clang/lib/Driver/SanitizerArgs.h | 18 ++- clang/lib/Driver/Tools.cpp | 32 +++++ clang/lib/Frontend/CompilerInvocation.cpp | 2 + clang/test/CodeGen/catch-undef-behavior.c | 149 ++++++++++++++++++++++++ clang/test/Driver/fsanitize.c | 21 +++- 12 files changed, 251 insertions(+), 13 deletions(-) diff --git a/clang/docs/UsersManual.rst b/clang/docs/UsersManual.rst index eb17eed..75fc3bb 100644 --- a/clang/docs/UsersManual.rst +++ b/clang/docs/UsersManual.rst 
@@ -867,6 +867,14 @@ are listed below. includes all of the checks listed below other than ``unsigned-integer-overflow``. + ``-fsanitize=undefined-trap``: This includes all sanitizers + included by ``-fsanitize=undefined``, except those that require + runtime support. This group of sanitizers are generally used + in conjunction with the ``-fsanitize-undefined-trap-on-error`` + flag, which causes traps to be emitted, rather than calls to + runtime libraries. This includes all of the checks listed below + other than ``unsigned-integer-overflow`` and ``vptr``. + The following more fine-grained checks are also available: - ``-fsanitize=alignment``: Use of a misaligned pointer or creation diff --git a/clang/include/clang/Basic/Sanitizers.def b/clang/include/clang/Basic/Sanitizers.def index 3e02b3a..709ec8d 100644 --- a/clang/include/clang/Basic/Sanitizers.def +++ b/clang/include/clang/Basic/Sanitizers.def 
@@ -74,15 +74,24 @@ SANITIZER("vptr", Vptr) // IntegerSanitizer SANITIZER("unsigned-integer-overflow", UnsignedIntegerOverflow) -// -fsanitize=undefined (and its alias -fcatch-undefined-behavior). This should -// include all the sanitizers which have low overhead, no ABI or address space -// layout implications, and only catch undefined behavior. +// -fsanitize=undefined includes all the sanitizers which have low overhead, no +// ABI or address space layout implications, and only catch undefined behavior. SANITIZER_GROUP("undefined", Undefined, Alignment | Bool | Bounds | Enum | FloatCastOverflow | FloatDivideByZero | IntegerDivideByZero | Null | ObjectSize | Return | Shift | SignedIntegerOverflow | Unreachable | VLABound | Vptr) +// -fsanitize=undefined-trap (and its alias -fcatch-undefined-behavior) includes +// all sanitizers included by -fsanitize=undefined, except those that require +// runtime support. This group is generally used in conjunction with the +// -fsanitize-undefined-trap-on-error flag. +SANITIZER_GROUP("undefined-trap", UndefinedTrap, + Alignment | Bool | Bounds | Enum | FloatCastOverflow | + FloatDivideByZero | IntegerDivideByZero | Null | ObjectSize | + Return | Shift | SignedIntegerOverflow | Unreachable | + VLABound) + SANITIZER_GROUP("integer", Integer, SignedIntegerOverflow | UnsignedIntegerOverflow | Shift | IntegerDivideByZero) diff --git a/clang/include/clang/Driver/Options.td b/clang/include/clang/Driver/Options.td index 378cf6f..4919508 100644 --- a/clang/include/clang/Driver/Options.td +++ b/clang/include/clang/Driver/Options.td 
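Review bot: The new `undefined-trap` group repeats the member list of `undefined` by hand, and nothing in the added lines ties the two together. A sanitizer added to `undefined` later will therefore be missing from the trapping group unless both lists are edited. The comment above `SANITIZER_GROUP("undefined-trap", ...)` should say so, for example `// Keep in sync with "undefined": this is that list minus Vptr, which needs the runtime.` This matters for builds that use `-fsanitize=undefined-trap` as runtime-free hardening, because a check left out of this list is simply not emitted.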
@@ -414,6 +414,10 @@ def fsanitize_recover : Flag<["-"], "fsanitize-recover">, def fno_sanitize_recover : Flag<["-"], "fno-sanitize-recover">, Group, Flags<[CC1Option]>, HelpText<"Disable sanitizer check recovery">; +def fsanitize_undefined_trap_on_error : Flag<["-"], "fsanitize-undefined-trap-on-error">, + Group, Flags<[CC1Option]>; +def fno_sanitize_undefined_trap_on_error : Flag<["-"], "fno-sanitize-undefined-trap-on-error">, + Group; def funsafe_math_optimizations : Flag<["-"], "funsafe-math-optimizations">, Group; def fno_unsafe_math_optimizations : Flag<["-"], "fno-unsafe-math-optimizations">, diff --git a/clang/include/clang/Frontend/CodeGenOptions.def b/clang/include/clang/Frontend/CodeGenOptions.def index 64eff9c..bbb75ab 100644 --- a/clang/include/clang/Frontend/CodeGenOptions.def +++ b/clang/include/clang/Frontend/CodeGenOptions.def @@ -87,6 +87,8 @@ CODEGENOPT(SanitizeAddressZeroBaseShadow , 1, 0) ///< Map shadow memory at zero ///< offset in AddressSanitizer. CODEGENOPT(SanitizeMemoryTrackOrigins, 1, 0) ///< Enable tracking origins in ///< MemorySanitizer +CODEGENOPT(SanitizeUndefinedTrapOnError, 1, 0) ///< Set on + /// -fsanitize-undefined-trap-on-error CODEGENOPT(SimplifyLibCalls , 1, 1) ///< Set when -fbuiltin is enabled. CODEGENOPT(SoftFloat , 1, 0) ///< -soft-float. CODEGENOPT(StrictEnums , 1, 0) ///< Optimize based on strict enum definition. diff --git a/clang/lib/CodeGen/CGExpr.cpp b/clang/lib/CodeGen/CGExpr.cpp index 9bef08b..aad8771 100644 --- a/clang/lib/CodeGen/CGExpr.cpp +++ b/clang/lib/CodeGen/CGExpr.cpp 
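Review bot: The two new definitions, `fsanitize_undefined_trap_on_error` and `fno_sanitize_undefined_trap_on_error`, carry no `HelpText`, while the neighbouring `fno_sanitize_recover` has one. The option will therefore not be described in the driver's help output. Suggest adding `HelpText<"Trap on undefined behavior instead of calling the sanitizer runtime">` to the positive form.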
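Review bot: The continuation line of the `SanitizeUndefinedTrapOnError` comment starts with `///`, whereas the entries just above use `///<` on every line. As written, Doxygen will presumably attach `-fsanitize-undefined-trap-on-error` to the following `SimplifyLibCalls` entry instead of this one. Change the second line to `///< -fsanitize-undefined-trap-on-error`.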
@@ -1975,6 +1975,13 @@ void CodeGenFunction::EmitCheck(llvm::Value *Checked, StringRef CheckName, ArrayRef DynamicArgs, CheckRecoverableKind RecoverKind) { assert(SanOpts != &SanitizerOptions::Disabled); + + if (CGM.getCodeGenOpts().SanitizeUndefinedTrapOnError) { + assert (RecoverKind != CRK_AlwaysRecoverable && + "Runtime call required for AlwaysRecoverable kind!"); + return EmitTrapCheck(Checked); + } + llvm::BasicBlock *Cont = createBasicBlock("cont"); llvm::BasicBlock *Handler = createBasicBlock("handler." + CheckName); @@ -2043,7 +2050,7 @@ void CodeGenFunction::EmitCheck(llvm::Value *Checked, StringRef CheckName, EmitBlock(Cont); } -void CodeGenFunction::EmitTrapvCheck(llvm::Value *Checked) { +void CodeGenFunction::EmitTrapCheck(llvm::Value *Checked) { llvm::BasicBlock *Cont = createBasicBlock("cont"); // If we're optimizing, collapse all calls to trap down to just one per diff --git a/clang/lib/CodeGen/CGExprScalar.cpp b/clang/lib/CodeGen/CGExprScalar.cpp index 7f0eda8..49494be 100644 --- a/clang/lib/CodeGen/CGExprScalar.cpp +++ b/clang/lib/CodeGen/CGExprScalar.cpp @@ -2044,7 +2044,7 @@ Value *ScalarExprEmitter::EmitOverflowCheckedBinOp(const BinOpInfo &Ops) { if (!isSigned || CGF.SanOpts->SignedIntegerOverflow) EmitBinOpCheck(Builder.CreateNot(overflow), Ops); else - CGF.EmitTrapvCheck(Builder.CreateNot(overflow)); + CGF.EmitTrapCheck(Builder.CreateNot(overflow)); return result; } diff --git a/clang/lib/CodeGen/CodeGenFunction.h b/clang/lib/CodeGen/CodeGenFunction.h index 6f06b3b..ce3db3f 100644 --- a/clang/lib/CodeGen/CodeGenFunction.h +++ b/clang/lib/CodeGen/CodeGenFunction.h @@ -2606,7 +2606,7 @@ public: /// \brief Create a basic block that will call the trap intrinsic, and emit a /// conditional branch to it, for the -ftrapv checks. - void EmitTrapvCheck(llvm::Value *Checked); + void EmitTrapCheck(llvm::Value *Checked); /// EmitCallArg - Emit a single call argument. void EmitCallArg(CallArgList &args, const Expr *E, QualType ArgType); 
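Review bot: The guard against `CRK_AlwaysRecoverable` in the new trap branch of `EmitCheck` is only an `assert`, so a build without assertions silently lowers a check of that kind to a trap. The driver rejects `-fsanitize=vptr` together with the trap flag, but a direct `-cc1` invocation (like the new RUN line in catch-undef-behavior.c) reaches this code without going through the driver. Consider a real frontend diagnostic, or at least a comment such as `// The driver rejects sanitizers that need a runtime call; cc1 callers must do the same.` The branch also returns before `RecoverKind` is used for anything else, so `-fsanitize-recover` presumably has no effect in trap mode, which is worth stating in the docs. `EmitCheck`'s body continues outside the hunk.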
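Review bot: The doc comment kept above the renamed declaration in CodeGenFunction.h still says the function is "for the -ftrapv checks". That is stale now that `EmitCheck` calls `EmitTrapCheck` for sanitizer checks under `-fsanitize-undefined-trap-on-error`. Suggest ending the sentence with `for the -ftrapv checks and for sanitizer checks when -fsanitize-undefined-trap-on-error is set.`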
diff --git a/clang/lib/Driver/SanitizerArgs.h b/clang/lib/Driver/SanitizerArgs.h index a281959..bc3aa58 100644 --- a/clang/lib/Driver/SanitizerArgs.h +++ b/clang/lib/Driver/SanitizerArgs.h @@ -36,25 +36,32 @@ class SanitizerArgs { NeedsAsanRt = Address, NeedsTsanRt = Thread, NeedsMsanRt = Memory, - NeedsUbsanRt = (Undefined & ~Bounds) | Integer + NeedsUbsanRt = (Undefined & ~Bounds) | Integer, + NotAllowedWithTrap = Vptr }; unsigned Kind; std::string BlacklistFile; bool MsanTrackOrigins; bool AsanZeroBaseShadow; + bool UbsanTrapOnError; public: SanitizerArgs() : Kind(0), BlacklistFile(""), MsanTrackOrigins(false), - AsanZeroBaseShadow(false) {} + AsanZeroBaseShadow(false), UbsanTrapOnError(false) {} /// Parses the sanitizer arguments from an argument list. SanitizerArgs(const Driver &D, const ArgList &Args); bool needsAsanRt() const { return Kind & NeedsAsanRt; } bool needsTsanRt() const { return Kind & NeedsTsanRt; } bool needsMsanRt() const { return Kind & NeedsMsanRt; } - bool needsUbsanRt() const { return Kind & NeedsUbsanRt; } + bool needsUbsanRt() const { + if (UbsanTrapOnError) + return false; + return Kind & NeedsUbsanRt; + } bool sanitizesVptr() const { return Kind & Vptr; } + bool notAllowedWithTrap() const { return Kind & NotAllowedWithTrap; } void addArgs(const ArgList &Args, ArgStringList &CmdArgs) const { if (!Kind) @@ -127,8 +134,9 @@ class SanitizerArgs { Remove = Thread; DeprecatedReplacement = "-fno-sanitize=thread"; } else if (A->getOption().matches(options::OPT_fcatch_undefined_behavior)) { - Add = Undefined; - DeprecatedReplacement = "-fsanitize=undefined"; + Add = UndefinedTrap; + DeprecatedReplacement = + "-fsanitize=undefined-trap -fsanitize-undefined-trap-on-error"; } else if (A->getOption().matches(options::OPT_fbounds_checking) || A->getOption().matches(options::OPT_fbounds_checking_EQ)) { Add = Bounds; diff --git a/clang/lib/Driver/Tools.cpp b/clang/lib/Driver/Tools.cpp index e4be693..f925f76 100644 --- a/clang/lib/Driver/Tools.cpp 
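Review bot: `NotAllowedWithTrap = Vptr` in the first hunk hard-codes the difference between the two groups a second time. The enum already builds `NeedsUbsanRt` from group names and `UndefinedTrap` is usable in this class (see `Add = UndefinedTrap` in the next hunk), so it could be derived as `NotAllowedWithTrap = Undefined & ~UndefinedTrap`, and the driver check would then follow Sanitizers.def automatically. Separately, `needsUbsanRt()` now returns false for every kind once `UbsanTrapOnError` is set, including `Integer`; a comment like `// Trap mode emits no handler calls, so the ubsan runtime is not linked.` would record why. The class body continues outside the hunk.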
+++ b/clang/lib/Driver/Tools.cpp @@ -1459,6 +1459,33 @@ SanitizerArgs::SanitizerArgs(const Driver &D, const ArgList &Args) AllKinds |= Add; } + UbsanTrapOnError = + Args.hasArg(options::OPT_fcatch_undefined_behavior) || + Args.hasFlag(options::OPT_fsanitize_undefined_trap_on_error, + options::OPT_fno_sanitize_undefined_trap_on_error, false); + + if (Args.hasArg(options::OPT_fcatch_undefined_behavior) && + !Args.hasFlag(options::OPT_fsanitize_undefined_trap_on_error, + options::OPT_fno_sanitize_undefined_trap_on_error, true)) { + D.Diag(diag::err_drv_argument_not_allowed_with) + << "-fcatch-undefined-behavior" + << "-fno-sanitize-undefined-trap-on-error"; + } + + // Warn about undefined sanitizer options that require runtime support. + if (UbsanTrapOnError && notAllowedWithTrap()) { + if (Args.hasArg(options::OPT_fcatch_undefined_behavior)) + D.Diag(diag::err_drv_argument_not_allowed_with) + << lastArgumentForKind(D, Args, NotAllowedWithTrap) + << "-fcatch-undefined-behavior"; + else if (Args.hasFlag(options::OPT_fsanitize_undefined_trap_on_error, + options::OPT_fno_sanitize_undefined_trap_on_error, + false)) + D.Diag(diag::err_drv_argument_not_allowed_with) + << lastArgumentForKind(D, Args, NotAllowedWithTrap) + << "-fsanitize-undefined-trap-on-error"; + } + // Only one runtime library can be used at once. bool NeedsAsan = needsAsanRt(); bool NeedsTsan = needsTsanRt(); @@ -2501,6 +2528,11 @@ void Clang::ConstructJob(Compilation &C, const JobAction &JA, true)) CmdArgs.push_back("-fno-sanitize-recover"); + if (Args.hasArg(options::OPT_fcatch_undefined_behavior) || + Args.hasFlag(options::OPT_fsanitize_undefined_trap_on_error, + options::OPT_fno_sanitize_undefined_trap_on_error, false)) + CmdArgs.push_back("-fsanitize-undefined-trap-on-error"); + // Report and error for -faltivec on anything other then PowerPC. if (const Arg *A = Args.getLastArg(options::OPT_faltivec)) if (!(getToolChain().getTriple().getArch() == llvm::Triple::ppc || 
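Review bot: The comment `// Warn about undefined sanitizer options that require runtime support.` does not match the code under it, which emits `err_drv_argument_not_allowed_with`, a hard error. It should read something like `// Reject sanitizers that need the ubsan runtime when trapping is requested.` The `else if` also re-evaluates the same `hasFlag` call that already fed `UbsanTrapOnError`. Once `UbsanTrapOnError` is true and `-fcatch-undefined-behavior` is absent the flag must be set, so a plain `else` is enough. The constructor body starts and ends outside the hunk.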
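Review bot: The condition added to `ConstructJob` repeats the expression that computes `UbsanTrapOnError` in the `SanitizerArgs` constructor instead of reading that value back. If one copy is edited, the link decision (`needsUbsanRt()`) and what `-cc1` is told can drift apart, leaving handler calls with no runtime linked, or a runtime that is never called. Emitting the flag from `SanitizerArgs::addArgs`, `if (UbsanTrapOnError) CmdArgs.push_back("-fsanitize-undefined-trap-on-error");`, would keep one source of truth, assuming `addArgs` is what supplies the cc1 sanitizer arguments for this job. `ConstructJob` continues outside the hunk.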
diff --git a/clang/lib/Frontend/CompilerInvocation.cpp b/clang/lib/Frontend/CompilerInvocation.cpp index b200637..245de34 100644 --- a/clang/lib/Frontend/CompilerInvocation.cpp +++ b/clang/lib/Frontend/CompilerInvocation.cpp @@ -392,6 +392,8 @@ static bool ParseCodeGenArgs(CodeGenOptions &Opts, ArgList &Args, InputKind IK, Args.hasArg(OPT_fsanitize_memory_track_origins); Opts.SanitizeAddressZeroBaseShadow = Args.hasArg(OPT_fsanitize_address_zero_base_shadow); + Opts.SanitizeUndefinedTrapOnError = + Args.hasArg(OPT_fsanitize_undefined_trap_on_error); Opts.SSPBufferSize = Args.getLastArgIntValue(OPT_stack_protector_buffer_size, 8, Diags); Opts.StackRealignment = Args.hasArg(OPT_mstackrealign); diff --git a/clang/test/CodeGen/catch-undef-behavior.c b/clang/test/CodeGen/catch-undef-behavior.c index ca8e796..2901a01 100644 --- a/clang/test/CodeGen/catch-undef-behavior.c +++ b/clang/test/CodeGen/catch-undef-behavior.c @@ -1,4 +1,5 @@ // RUN: %clang_cc1 -fsanitize=alignment,null,object-size,shift,return,signed-integer-overflow,vla-bound,float-cast-overflow,integer-divide-by-zero,bool -emit-llvm %s -o - -triple x86_64-linux-gnu | FileCheck %s +// RUN: %clang_cc1 -fsanitize-undefined-trap-on-error -fsanitize=alignment,null,object-size,shift,return,signed-integer-overflow,vla-bound,float-cast-overflow,integer-divide-by-zero,bool -emit-llvm %s -o - -triple x86_64-linux-gnu | FileCheck %s --check-prefix=CHECK-TRAP // RUN: %clang_cc1 -fsanitize=null -emit-llvm %s -o - -triple x86_64-linux-gnu | FileCheck %s --check-prefix=CHECK-NULL // RUN: %clang_cc1 -fsanitize=signed-integer-overflow -emit-llvm %s -o - -triple x86_64-linux-gnu | FileCheck %s --check-prefix=CHECK-OVERFLOW 
@@ -24,25 +25,42 @@ // PR6805 // CHECK: @foo // CHECK-NULL: @foo +// CHECK-TRAP: @foo void foo() { union { int i; } u; // CHECK: %[[CHECK0:.*]] = icmp ne {{.*}}* %[[PTR:.*]], null + // CHECK-TRAP: %[[CHECK0:.*]] = icmp ne {{.*}}* %[[PTR:.*]], null // CHECK: %[[I8PTR:.*]] = bitcast i32* %[[PTR]] to i8* // CHECK-NEXT: %[[SIZE:.*]] = call i64 @llvm.objectsize.i64(i8* %[[I8PTR]], i1 false) // CHECK-NEXT: %[[CHECK1:.*]] = icmp uge i64 %[[SIZE]], 4 // CHECK-NEXT: %[[CHECK01:.*]] = and i1 %[[CHECK0]], %[[CHECK1]] + // CHECK-TRAP: %[[I8PTR:.*]] = bitcast i32* %[[PTR]] to i8* + // CHECK-TRAP-NEXT: %[[SIZE:.*]] = call i64 @llvm.objectsize.i64(i8* %[[I8PTR]], i1 false) + // CHECK-TRAP-NEXT: %[[CHECK1:.*]] = icmp uge i64 %[[SIZE]], 4 + // CHECK-TRAP-NEXT: %[[CHECK01:.*]] = and i1 %[[CHECK0]], %[[CHECK1]] + // CHECK: %[[PTRTOINT:.*]] = ptrtoint {{.*}}* %[[PTR]] to i64 // CHECK-NEXT: %[[MISALIGN:.*]] = and i64 %[[PTRTOINT]], 3 // CHECK-NEXT: %[[CHECK2:.*]] = icmp eq i64 %[[MISALIGN]], 0 + // CHECK-TRAP: %[[PTRTOINT:.*]] = ptrtoint {{.*}}* %[[PTR]] to i64 + // CHECK-TRAP-NEXT: %[[MISALIGN:.*]] = and i64 %[[PTRTOINT]], 3 + // CHECK-TRAP-NEXT: %[[CHECK2:.*]] = icmp eq i64 %[[MISALIGN]], 0 + // CHECK: %[[OK:.*]] = and i1 %[[CHECK01]], %[[CHECK2]] // CHECK-NEXT: br i1 %[[OK]], {{.*}} !prof ![[WEIGHT_MD:.*]] + // CHECK-TRAP: %[[OK:.*]] = and i1 %[[CHECK01]], %[[CHECK2]] + // CHECK-TRAP-NEXT: br i1 %[[OK]], {{.*}} + // CHECK: %[[ARG:.*]] = ptrtoint {{.*}} %[[PTR]] to i64 // CHECK-NEXT: call void @__ubsan_handle_type_mismatch(i8* bitcast ({{.*}} @[[LINE_100]] to i8*), i64 %[[ARG]]) + // CHECK-TRAP: call void @llvm.trap() noreturn nounwind + // CHECK-TRAP-NEXT: unreachable + // With -fsanitize=null, only perform the null check. // CHECK-NULL: %[[NULL:.*]] = icmp ne {{.*}}, null // CHECK-NULL: br i1 %[[NULL]] 
@@ -52,16 +70,28 @@ void foo() { } // CHECK: @bar +// CHECK-TRAP: @bar int bar(int *a) { // CHECK: %[[SIZE:.*]] = call i64 @llvm.objectsize.i64 // CHECK-NEXT: icmp uge i64 %[[SIZE]], 4 + // CHECK-TRAP: %[[SIZE:.*]] = call i64 @llvm.objectsize.i64 + // CHECK-TRAP-NEXT: icmp uge i64 %[[SIZE]], 4 + // CHECK: %[[PTRINT:.*]] = ptrtoint // CHECK-NEXT: %[[MISALIGN:.*]] = and i64 %[[PTRINT]], 3 // CHECK-NEXT: icmp eq i64 %[[MISALIGN]], 0 + // CHECK-TRAP: %[[PTRINT:.*]] = ptrtoint + // CHECK-TRAP-NEXT: %[[MISALIGN:.*]] = and i64 %[[PTRINT]], 3 + // CHECK-TRAP-NEXT: icmp eq i64 %[[MISALIGN]], 0 + // CHECK: %[[ARG:.*]] = ptrtoint // CHECK-NEXT: call void @__ubsan_handle_type_mismatch(i8* bitcast ({{.*}} @[[LINE_200]] to i8*), i64 %[[ARG]]) + + // CHECK-TRAP: call void @llvm.trap() noreturn nounwind + // CHECK-TRAP-NEXT: unreachable + #line 200 return *a; } 
@@ -73,55 +103,91 @@ int addr_space(int __attribute__((address_space(256))) *a) { } // CHECK: @lsh_overflow +// CHECK-TRAP: @lsh_overflow int lsh_overflow(int a, int b) { // CHECK: %[[INBOUNDS:.*]] = icmp ule i32 %[[RHS:.*]], 31 // CHECK-NEXT: br i1 %[[INBOUNDS]] + // CHECK-TRAP: %[[INBOUNDS:.*]] = icmp ule i32 %[[RHS:.*]], 31 + // CHECK-TRAP-NEXT: br i1 %[[INBOUNDS]] + // FIXME: Only emit one trap block here. // CHECK: %[[ARG1:.*]] = zext // CHECK-NEXT: %[[ARG2:.*]] = zext // CHECK-NEXT: call void @__ubsan_handle_shift_out_of_bounds(i8* bitcast ({{.*}} @[[LINE_300_A]] to i8*), i64 %[[ARG1]], i64 %[[ARG2]]) + // CHECK-TRAP: call void @llvm.trap() noreturn nounwind + // CHECK-TRAP-NEXT: unreachable + // CHECK: %[[SHIFTED_OUT_WIDTH:.*]] = sub nuw nsw i32 31, %[[RHS]] // CHECK-NEXT: %[[SHIFTED_OUT:.*]] = lshr i32 %[[LHS:.*]], %[[SHIFTED_OUT_WIDTH]] // CHECK-NEXT: %[[NO_OVERFLOW:.*]] = icmp eq i32 %[[SHIFTED_OUT]], 0 // CHECK-NEXT: br i1 %[[NO_OVERFLOW]], {{.*}} !prof ![[WEIGHT_MD]] + // CHECK-TRAP: %[[SHIFTED_OUT_WIDTH:.*]] = sub nuw nsw i32 31, %[[RHS]] + // CHECK-TRAP-NEXT: %[[SHIFTED_OUT:.*]] = lshr i32 %[[LHS:.*]], %[[SHIFTED_OUT_WIDTH]] + // CHECK-TRAP-NEXT: %[[NO_OVERFLOW:.*]] = icmp eq i32 %[[SHIFTED_OUT]], 0 + // CHECK-TRAP-NEXT: br i1 %[[NO_OVERFLOW]] + // CHECK: %[[ARG1:.*]] = zext // CHECK-NEXT: %[[ARG2:.*]] = zext // CHECK-NEXT: call void @__ubsan_handle_shift_out_of_bounds(i8* bitcast ({{.*}} @[[LINE_300_B]] to i8*), i64 %[[ARG1]], i64 %[[ARG2]]) + // CHECK-TRAP: call void @llvm.trap() noreturn nounwind + // CHECK-TRAP-NEXT: unreachable + // CHECK: %[[RET:.*]] = shl i32 %[[LHS]], %[[RHS]] // CHECK-NEXT: ret i32 %[[RET]] + + // CHECK-TRAP: %[[RET:.*]] = shl i32 %[[LHS]], %[[RHS]] + // CHECK-TRAP-NEXT: ret i32 %[[RET]] #line 300 return a << b; } // CHECK: @rsh_inbounds +// CHECK-TRAP: @rsh_inbounds int rsh_inbounds(int a, int b) { // CHECK: %[[INBOUNDS:.*]] = icmp ule i32 %[[RHS:.*]], 31 // CHECK: br i1 %[[INBOUNDS]] + // CHECK-TRAP: %[[INBOUNDS:.*]] = icmp 
ule i32 %[[RHS:.*]], 31 + // CHECK-TRAP: br i1 %[[INBOUNDS]] + // CHECK: %[[ARG1:.*]] = zext // CHECK-NEXT: %[[ARG2:.*]] = zext // CHECK-NEXT: call void @__ubsan_handle_shift_out_of_bounds(i8* bitcast ({{.*}} @[[LINE_400]] to i8*), i64 %[[ARG1]], i64 %[[ARG2]]) + // CHECK-TRAP: call void @llvm.trap() noreturn nounwind + // CHECK-TRAP-NEXT: unreachable + // CHECK: %[[RET:.*]] = ashr i32 %[[LHS]], %[[RHS]] // CHECK-NEXT: ret i32 %[[RET]] + + // CHECK-TRAP: %[[RET:.*]] = ashr i32 %[[LHS]], %[[RHS]] + // CHECK-TRAP-NEXT: ret i32 %[[RET]] #line 400 return a >> b; } // CHECK: @load +// CHECK-TRAP: @load int load(int *p) { // CHECK: call void @__ubsan_handle_type_mismatch(i8* bitcast ({{.*}} @[[LINE_500]] to i8*), i64 %{{.*}}) + + // CHECK-TRAP: call void @llvm.trap() noreturn nounwind + // CHECK-TRAP-NEXT: unreachable #line 500 return *p; } // CHECK: @store +// CHECK-TRAP: @store void store(int *p, int q) { // CHECK: call void @__ubsan_handle_type_mismatch(i8* bitcast ({{.*}} @[[LINE_600]] to i8*), i64 %{{.*}}) + + // CHECK-TRAP: call void @llvm.trap() noreturn nounwind + // CHECK-TRAP-NEXT: unreachable #line 600 *p = q; } 
@@ -129,22 +195,31 @@ void store(int *p, int q) { struct S { int k; }; // CHECK: @member_access +// CHECK-TRAP: @member_access int *member_access(struct S *p) { // CHECK: call void @__ubsan_handle_type_mismatch(i8* bitcast ({{.*}} @[[LINE_700]] to i8*), i64 %{{.*}}) + + // CHECK-TRAP: call void @llvm.trap() noreturn nounwind + // CHECK-TRAP-NEXT: unreachable #line 700 return &p->k; } // CHECK: @signed_overflow +// CHECK-TRAP: @signed_overflow int signed_overflow(int a, int b) { // CHECK: %[[ARG1:.*]] = zext // CHECK-NEXT: %[[ARG2:.*]] = zext // CHECK-NEXT: call void @__ubsan_handle_add_overflow(i8* bitcast ({{.*}} @[[LINE_800]] to i8*), i64 %[[ARG1]], i64 %[[ARG2]]) + + // CHECK-TRAP: call void @llvm.trap() noreturn nounwind + // CHECK-TRAP-NEXT: unreachable #line 800 return a + b; } // CHECK: @no_return +// CHECK-TRAP: @no_return int no_return() { // Reaching the end of a noreturn function is fine in C. // FIXME: If the user explicitly requests -fsanitize=return, we should catch @@ -152,6 +227,10 @@ int no_return() { // CHECK-NOT: call // CHECK-NOT: unreachable // CHECK: ret i32 + + // CHECK-TRAP-NOT: call + // CHECK-TRAP-NOT: unreachable + // CHECK-TRAP: ret i32 } // CHECK: @vla_bound 
@@ -171,55 +250,107 @@ float int_float_no_overflow(__int128 n) { } // CHECK: @int_float_overflow +// CHECK-TRAP: @int_float_overflow float int_float_overflow(unsigned __int128 n) { // This is 2**104. FLT_MAX is 2**128 - 2**104. // CHECK: icmp ule i128 %{{.*}}, -20282409603651670423947251286016 // CHECK: call void @__ubsan_handle_float_cast_overflow( + + // CHECK-TRAP: %[[INBOUNDS:.*]] = icmp ule i128 %{{.*}}, -20282409603651670423947251286016 + // CHECK-TRAP-NEXT: br i1 %[[INBOUNDS]] + + // CHECK-TRAP: call void @llvm.trap() noreturn nounwind + // CHECK-TRAP-NEXT: unreachable return n; } // CHECK: @int_fp16_overflow +// CHECK-TRAP: @int_fp16_overflow void int_fp16_overflow(int n, __fp16 *p) { // CHECK: %[[GE:.*]] = icmp sge i32 %{{.*}}, -65504 // CHECK: %[[LE:.*]] = icmp sle i32 %{{.*}}, 65504 // CHECK: and i1 %[[GE]], %[[LE]] // CHECK: call void @__ubsan_handle_float_cast_overflow( + + // CHECK-TRAP: %[[GE:.*]] = icmp sge i32 %{{.*}}, -65504 + // CHECK-TRAP: %[[LE:.*]] = icmp sle i32 %{{.*}}, 65504 + // CHECK-TRAP: %[[INBOUNDS:.*]] = and i1 %[[GE]], %[[LE]] + // CHECK-TRAP-NEXT: br i1 %[[INBOUNDS]] + + // CHECK-TRAP: call void @llvm.trap() noreturn nounwind + // CHECK-TRAP-NEXT: unreachable *p = n; } // CHECK: @float_int_overflow +// CHECK-TRAP: @float_int_overflow int float_int_overflow(float f) { // CHECK: %[[GE:.*]] = fcmp oge float %[[F:.*]], 0xC1E0000000000000 // CHECK: %[[LE:.*]] = fcmp ole float %[[F]], 0x41DFFFFFE0000000 // CHECK: and i1 %[[GE]], %[[LE]] // CHECK: call void @__ubsan_handle_float_cast_overflow( + + // CHECK-TRAP: %[[GE:.*]] = fcmp oge float %[[F:.*]], 0xC1E0000000000000 + // CHECK-TRAP: %[[LE:.*]] = fcmp ole float %[[F]], 0x41DFFFFFE0000000 + // CHECK-TRAP: %[[INBOUNDS:.*]] = and i1 %[[GE]], %[[LE]] + // CHECK-TRAP-NEXT: br i1 %[[INBOUNDS]] + + // CHECK-TRAP: call void @llvm.trap() noreturn nounwind + // CHECK-TRAP-NEXT: unreachable return f; } // CHECK: @float_uint_overflow +// CHECK-TRAP: @float_uint_overflow unsigned 
float_uint_overflow(float f) { // CHECK: %[[GE:.*]] = fcmp oge float %[[F:.*]], 0.{{0*}}e+00 // CHECK: %[[LE:.*]] = fcmp ole float %[[F]], 0x41EFFFFFE0000000 // CHECK: and i1 %[[GE]], %[[LE]] // CHECK: call void @__ubsan_handle_float_cast_overflow( + + // CHECK-TRAP: %[[GE:.*]] = fcmp oge float %[[F:.*]], 0.{{0*}}e+00 + // CHECK-TRAP: %[[LE:.*]] = fcmp ole float %[[F]], 0x41EFFFFFE0000000 + // CHECK-TRAP: %[[INBOUNDS:.*]] = and i1 %[[GE]], %[[LE]] + // CHECK-TRAP-NEXT: br i1 %[[INBOUNDS]] + + // CHECK-TRAP: call void @llvm.trap() noreturn nounwind + // CHECK-TRAP-NEXT: unreachable return f; } // CHECK: @fp16_char_overflow +// CHECK-TRAP: @fp16_char_overflow signed char fp16_char_overflow(__fp16 *p) { // CHECK: %[[GE:.*]] = fcmp oge float %[[F:.*]], -1.28{{0*}}e+02 // CHECK: %[[LE:.*]] = fcmp ole float %[[F]], 1.27{{0*}}e+02 // CHECK: and i1 %[[GE]], %[[LE]] // CHECK: call void @__ubsan_handle_float_cast_overflow( + + // CHECK-TRAP: %[[GE:.*]] = fcmp oge float %[[F:.*]], -1.28{{0*}}e+02 + // CHECK-TRAP: %[[LE:.*]] = fcmp ole float %[[F]], 1.27{{0*}}e+02 + // CHECK-TRAP: %[[INBOUNDS:.*]] = and i1 %[[GE]], %[[LE]] + // CHECK-TRAP-NEXT: br i1 %[[INBOUNDS]] + + // CHECK-TRAP: call void @llvm.trap() noreturn nounwind + // CHECK-TRAP-NEXT: unreachable return *p; } // CHECK: @float_float_overflow +// CHECK-TRAP: @float_float_overflow float float_float_overflow(double f) { // CHECK: %[[GE:.*]] = fcmp oge double %[[F:.*]], 0xC7EFFFFFE0000000 // CHECK: %[[LE:.*]] = fcmp ole double %[[F]], 0x47EFFFFFE0000000 // CHECK: and i1 %[[GE]], %[[LE]] // CHECK: call void @__ubsan_handle_float_cast_overflow( + + // CHECK-TRAP: %[[GE:.*]] = fcmp oge double %[[F:.*]], 0xC7EFFFFFE0000000 + // CHECK-TRAP: %[[LE:.*]] = fcmp ole double %[[F]], 0x47EFFFFFE0000000 + // CHECK-TRAP: %[[INBOUNDS:.*]] = and i1 %[[GE]], %[[LE]] + // CHECK-TRAP-NEXT: br i1 %[[INBOUNDS]] + + // CHECK-TRAP: call void @llvm.trap() noreturn nounwind + // CHECK-TRAP-NEXT: unreachable return f; } 
@@ -228,6 +359,7 @@ float float_float_overflow(double f) { int int_divide_overflow(int a, int b) { // CHECK: %[[ZERO:.*]] = icmp ne i32 %[[B:.*]], 0 // CHECK-OVERFLOW-NOT: icmp ne i32 %{{.*}}, 0 + // CHECK-TRAP: %[[ZERO:.*]] = icmp ne i32 %[[B:.*]], 0 // CHECK: %[[AOK:.*]] = icmp ne i32 %[[A:.*]], -2147483648 // CHECK-NEXT: %[[BOK:.*]] = icmp ne i32 %[[B]], -1 @@ -237,14 +369,25 @@ int int_divide_overflow(int a, int b) { // CHECK-OVERFLOW-NEXT: %[[BOK:.*]] = icmp ne i32 %[[B:.*]], -1 // CHECK-OVERFLOW-NEXT: %[[OK:.*]] = or i1 %[[AOK]], %[[BOK]] + // CHECK-TRAP: %[[AOK:.*]] = icmp ne i32 %[[A:.*]], -2147483648 + // CHECK-TRAP-NEXT: %[[BOK:.*]] = icmp ne i32 %[[B]], -1 + // CHECK-TRAP-NEXT: %[[OVER:.*]] = or i1 %[[AOK]], %[[BOK]] + // CHECK: %[[OK:.*]] = and i1 %[[ZERO]], %[[OVER]] // CHECK: br i1 %[[OK]] // CHECK-OVERFLOW: br i1 %[[OK]] + + // CHECK-TRAP: %[[OK:.*]] = and i1 %[[ZERO]], %[[OVER]] + // CHECK-TRAP: br i1 %[[OK]] + + // CHECK-TRAP: call void @llvm.trap() noreturn nounwind + // CHECK-TRAP: unreachable return a / b; // CHECK: } // CHECK-OVERFLOW: } + // CHECK-TRAP: } } // CHECK: @sour_bool @@ -252,6 +395,12 @@ _Bool sour_bool(_Bool *p) { // CHECK: %[[OK:.*]] = icmp ule i8 {{.*}}, 1 // CHECK: br i1 %[[OK]] // CHECK: call void @__ubsan_handle_load_invalid_value(i8* bitcast ({{.*}}), i64 {{.*}}) + + // CHECK-TRAP: %[[OK:.*]] = icmp ule i8 {{.*}}, 1 + // CHECK-TRAP: br i1 %[[OK]] + + // CHECK-TRAP: call void @llvm.trap() noreturn nounwind + // CHECK-TRAP: unreachable return *p; } diff --git a/clang/test/Driver/fsanitize.c b/clang/test/Driver/fsanitize.c index d4310a6..efb289f 100644 --- a/clang/test/Driver/fsanitize.c +++ b/clang/test/Driver/fsanitize.c 
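Review bot: The `CHECK-TRAP` lines added for `int_divide_overflow` here, and for `sour_bool` in the last hunk of this file, have no `// CHECK-TRAP: @int_divide_overflow` or `// CHECK-TRAP: @sour_bool` label in front of them. Every other function this patch covers gets one. Without the label the patterns are anchored only by position after the previous `CHECK-TRAP` match, so a `br i1` or `llvm.trap` line from neighbouring IR could satisfy them. Add the two label lines next to the existing `// CHECK: @...` lines; the one for `int_divide_overflow` sits just outside the hunk.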
@@ -1,4 +1,9 @@ -// RUN: %clang -target x86_64-linux-gnu -fcatch-undefined-behavior %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-UNDEFINED +// RUN: %clang -target x86_64-linux-gnu -fcatch-undefined-behavior %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-UNDEFINED-TRAP +// RUN: %clang -target x86_64-linux-gnu -fsanitize=undefined-trap -fsanitize-undefined-trap-on-error %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-UNDEFINED-TRAP +// RUN: %clang -target x86_64-linux-gnu -fsanitize-undefined-trap-on-error -fsanitize=undefined-trap %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-UNDEFINED-TRAP +// CHECK-UNDEFINED-TRAP: "-fsanitize={{((signed-integer-overflow|integer-divide-by-zero|float-divide-by-zero|shift|unreachable|return|vla-bound|alignment|null|object-size|float-cast-overflow|bounds|enum|bool),?){14}"}} +// CHECK-UNDEFINED-TRAP: "-fsanitize-undefined-trap-on-error" + // RUN: %clang -target x86_64-linux-gnu -fsanitize=undefined %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-UNDEFINED // CHECK-UNDEFINED: "-fsanitize={{((signed-integer-overflow|integer-divide-by-zero|float-divide-by-zero|shift|unreachable|return|vla-bound|alignment|null|vptr|object-size|float-cast-overflow|bounds|enum|bool),?){15}"}} 
@@ -11,6 +16,18 @@ // RUN: %clang -target x86_64-linux-gnu -fsanitize=address-full %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-ASAN-FULL // CHECK-ASAN-FULL: "-fsanitize={{((address|init-order|use-after-return|use-after-scope),?){4}"}} +// RUN: %clang -target x86_64-linux-gnu -fcatch-undefined-behavior -fno-sanitize-undefined-trap-on-error %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-UNDEFINED-NO-TRAP-ERROR +// CHECK-UNDEFINED-NO-TRAP-ERROR: '-fcatch-undefined-behavior' not allowed with '-fno-sanitize-undefined-trap-on-error' + +// RUN: %clang -target x86_64-linux-gnu -fsanitize=vptr -fcatch-undefined-behavior %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-VPTR-UNDEF-ERROR +// CHECK-VPTR-UNDEF-ERROR: '-fsanitize=vptr' not allowed with '-fcatch-undefined-behavior' + +// RUN: %clang -target x86_64-linux-gnu -fsanitize=undefined -fsanitize-undefined-trap-on-error %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-UNDEFINED-TRAP-ON-ERROR-UNDEF +// CHECK-UNDEFINED-TRAP-ON-ERROR-UNDEF: '-fsanitize=undefined' not allowed with '-fsanitize-undefined-trap-on-error' + +// RUN: %clang -target x86_64-linux-gnu -fsanitize=vptr -fsanitize-undefined-trap-on-error %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-UNDEFINED-TRAP-ON-ERROR-VPTR +// CHECK-UNDEFINED-TRAP-ON-ERROR-VPTR: '-fsanitize=vptr' not allowed with '-fsanitize-undefined-trap-on-error' + // RUN: %clang -target x86_64-linux-gnu -fsanitize=vptr -fno-rtti %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-VPTR-NO-RTTI // RUN: %clang -target x86_64-linux-gnu -fsanitize=undefined -fno-rtti %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-VPTR-NO-RTTI // CHECK-VPTR-NO-RTTI: '-fsanitize=vptr' not allowed with '-fno-rtti' 
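Review bot: The driver tests added here exercise only the rejected combinations. Nothing checks an accepted mix such as `-fsanitize=undefined -fno-sanitize=vptr -fsanitize-undefined-trap-on-error`, or that a later `-fno-sanitize-undefined-trap-on-error` cancels an earlier `-fsanitize-undefined-trap-on-error`, as the `hasFlag` calls in Tools.cpp imply. There is also no check that the ubsan runtime stays off the link line in trap mode, which is what the `needsUbsanRt()` change is for. A RUN line ending in `FileCheck %s --check-prefix=CHECK-TRAP-NO-RT` with a `CHECK-TRAP-NO-RT-NOT:` pattern for the ubsan library name would pin that down, possibly in a link-oriented driver test instead of this file.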
@@ -64,7 +81,7 @@ // OK // RUN: %clang -target x86_64-linux-gnu -fcatch-undefined-behavior -fthread-sanitizer -fno-thread-sanitizer -faddress-sanitizer -fno-address-sanitizer -fbounds-checking -### %s 2>&1 | FileCheck %s --check-prefix=CHECK-DEPRECATED -// CHECK-DEPRECATED: argument '-fcatch-undefined-behavior' is deprecated, use '-fsanitize=undefined' instead +// CHECK-DEPRECATED: argument '-fcatch-undefined-behavior' is deprecated, use '-fsanitize=undefined-trap -fsanitize-undefined-trap-on-error' instead // CHECK-DEPRECATED: argument '-fthread-sanitizer' is deprecated, use '-fsanitize=thread' instead // CHECK-DEPRECATED: argument '-fno-thread-sanitizer' is deprecated, use '-fno-sanitize=thread' instead // CHECK-DEPRECATED: argument '-faddress-sanitizer' is deprecated, use '-fsanitize=address' instead -- 2.7.4