| Age | Commit message (Collapse) | Author |
|---|
|
...when such an operation is done on an object during con-/destruction.
(This adds a test case to compiler-rt/test/ubsan/TestCases/TypeCheck/vptr.cpp
that, unlike the existing test cases there, wants to detect multiple UBSan
warnings in one go. Therefore, that file had to be changed from globally using
-fno-sanitize-recover to individually using halt_on_error only where
appropriate.)
This is the compiler-rt part of a patch covering both cfe and compiler-rt.
Differential Revision: https://reviews.llvm.org/D40295
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@321518 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
This is paired with the clang change: https://reviews.llvm.org/D40698
Differential Revision: https://reviews.llvm.org/D40700
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@321232 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
function through non-noexcept pointer in C++17"
At least <http://lab.llvm.org:8011/builders/sanitizer-x86_64-linux-android/
builds/6013/steps/annotate/logs/stdio> complains about
__ubsan::__ubsan_handle_function_type_mismatch_abort (compiler-rt
lib/ubsan/ubsan_handlers.cc) returning now despite being declared 'noreturn', so
looks like a different approach is needed for the function_type_mismatch check
to be called also in cases that may ultimately succeed.
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@320981 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
non-noexcept pointer in C++17
As discussed in the mail thread <https://groups.google.com/a/isocpp.org/forum/
#!topic/std-discussion/T64_dW3WKUk> "Calling noexcept function throug non-
noexcept pointer is undefined behavior?", such a call should not be UB.
However, Clang currently warns about it.
There is no cheap check whether two function type_infos only differ in noexcept,so pass those two type_infos as additional data to the function_type_mismatch
handler (with the optimization of passing a null "static callee type" info when that is already noexcept, so the additional check can be avoided anyway). For
the Itanium ABI (which appears to be the only one that happens to be used on
platforms that support -fsanitize=function, and which appears to only record
noexcept information for pointer-to-function type_infos, not for function
type_infos themselves), we then need to check the mangled names for occurrence
of "Do" representing "noexcept".
This is the compiler-rt part of a patch covering both cfe and compiler-rt.
Differential Revision: https://reviews.llvm.org/D40720
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@320977 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@313572 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
This was originally broken by r258744 which introduced a weak reference
from ubsan to ubsan_cxx. This reference does not work directly on
Windows because COFF has no direct concept of weak symbols. The fix is
to use /alternatename to create a weak external reference to ubsan_cxx.
Also fix the definition (and the name, so that we drop cached values)
of the cmake flag that controls whether to build ubsan_cxx. Now the
user-controllable flag is always on, and we turn it off internally
depending on whether we support building it.
Differential Revision: https://reviews.llvm.org/D37882
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@313391 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Differential Revision: https://reviews.llvm.org/D34591
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@309461 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
(compiler-rt)
Compiler-rt changes associated with: D34121
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@307956 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Differential Revision: https://reviews.llvm.org/D34298
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@306164 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Compiler-rt part of: https://reviews.llvm.org/D33910
Differential Revision: https://reviews.llvm.org/D33911
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@305217 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Patch by John Regehr and Will Dietz!
Differential Revision: https://reviews.llvm.org/D20323
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@304461 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@302211 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@301589 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Add 'nullability_arg' and 'nullability_return' diagnostic handlers, and
also add a TypeCheckKind for null assignments to _Nonnull. With this in
place, we can update clang to use the nicer handlers for nullability
diagnostics.
The alternative to this approach is to update the existing 'nonnull_arg'
and 'nonnull_return' handlers to accept a boolean parameter. However,
versioning the existing handlers would cause code size bloat, and the
complexity cost of introducing new handlers into the runtime is low.
I will add tests for this, and all of -fsanitize=nullability, into
check-ubsan once the clang side of the changes is in.
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@297748 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Summary: This is the compiler-rt side of D28242.
Reviewers: kcc, vitalybuka, pgousseau, gbedwell
Subscribers: kubabrecka, llvm-commits
Differential Revision: https://reviews.llvm.org/D28244
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@291237 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Avoid crashing when printing diagnostics for vtable-related CFI
errors. In diagnostic mode, the frontend does an additional check of
the vtable pointer against the set of all known vtable addresses and
lets the runtime handler know if it is safe to inspect the vtable.
http://reviews.llvm.org/D16824
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@259717 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
This should fix the build on Mac 10.8 and earlier.
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@258988 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
* add __cfi_slowpath_diag with a 3rd parameter which is a pointer to
the diagnostic info for the ubsan handlers.
*__cfi_check gets a 3rd parameter as well.
* unify vcall/cast/etc and icall diagnostic info format, and merge
the handlers to have a single entry point (actually two points due
to abort/noabort variants).
* tests
Note that this comes with a tiny overhead in the non-diag mode:
cfi_slowpath must pass 0 as the 3rd argument to cfi_check.
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@258744 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Summary:
Add the ability to suppress UBSan reports for files/functions/modules
at runtime. The user can now pass UBSAN_OPTIONS=suppressions=supp.txt
with the contents of the form:
signed-integer-overflow:file-with-known-overflow.cpp
alignment:function_doing_unaligned_access
vptr:shared_object_with_vptr_failures.so
Suppression categories match the arguments passed to -fsanitize=
flag (although, see below). There is no overhead if suppressions are
not provided. Otherwise there is extra overhead for symbolization.
Limitations:
1) sometimes suppressions need debug info / symbol table to function
properly (although sometimes frontend generates enough info to
do the match).
2) it's only possible to suppress recoverable UB kinds - if you've
built the code with -fno-sanitize-recover=undefined, suppressions
will not work.
3) categories are fine-grained check kinds, not groups like "undefined"
or "integer", so you can't write "undefined:file_with_ub.cc".
Reviewers: rsmith, kcc
Subscribers: cfe-commits
Differential Revision: http://reviews.llvm.org/D15363
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@256018 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
unrecoverable handlers.
Let unrecoverable handlers be responsbile for killing the
program with Die(), and let functions which print the error
report know if it's going to happen. Re-write the comments to
describe the situation.
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@255081 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Currently, this is an NFC. However, knowing out the kind of error
report before we bring up all the reporting machinery (implemented in
ScopedReport class) is important once we teach UBSan runtime
suppressions.
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@255074 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
types is unknown.
Differential revision: http://reviews.llvm.org/D13775
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@250806 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Differential Revision: http://reviews.llvm.org/D11858
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@247239 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Reviewers: rsmith, pcc
Subscribers: cfe-commits
Differential Revision: http://reviews.llvm.org/D12215
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@245897 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Summary:
Compiler-rt part of http://reviews.llvm.org/D11757
I ended up making UBSan work with both the old version and the new
version of the float_cast_overflow data (instead of just erroring with
the previous version). The old version will try to symbolize its caller.
Now we compile the float_cast_overflow tests without -g, and make sure
we have the source file+line+column.
If you think I'm trying too hard to make sure we can still use both
versions, let me know.
Reviewers: samsonov, rsmith
Subscribers: llvm-commits
Differential Revision: http://reviews.llvm.org/D11793
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@244567 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@233295 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Summary:
__ubsan::getFunctionLocation() used to issue a call to symbolizer, and
convert the result (SymbolizedStack) to one of UBSan structures:
SourceLocation, ModuleLocation or MemoryLocation. This:
(1) is inefficient: we do an extra allocation/deallocation to copy data,
while we can instead can just pass SymbolizedStack around (which
contains all the necessary data).
(2) leaks memory: strings stored in SourceLocation/MemoryLocation are
never deallocated, and Filipe Cabecinhas suggests this causes crashes
of UBSan-ified programs in the wild.
Instead, let Location store a pointer to SymbolizedStack object, and
make sure it's properly deallocated when UBSan handler exits.
ModuleLocation is made obsolete by this change, and is deleted.
Test Plan: check-ubsan test suite
Reviewers: rsmith, filcab
Subscribers: llvm-commits
Differential Revision: http://reviews.llvm.org/D7548
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@228869 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Summary:
Make sure we don't print the error report from -fsanitize=function
twice for the same source location, as we do in another UBSan handlers.
Test Plan: check-ubsan test suite
Reviewers: rsmith, pcc
Reviewed By: pcc
Subscribers: llvm-commits
Differential Revision: http://reviews.llvm.org/D7524
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@228772 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
getCallerLocation() is expensive as it issues a call to symbolizer.
(In fact, this function has a memory leak at the moment, but this
will be fixed in the nearest future). We should only call it if
we're actually going to print an error report, in particular,
once for every reported source location.
__ubsan_handle_type_mismatch: call getCallerLocation() only if
provided source location is invalid, and only if the report is not
deduplicated.
__ubsan_handle_float_cast_overflow: call getSourceLocation with
correct CallerPC (the one in user code, not in UBSan handler). Source
location for this check is not currently emitted by frontend.
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@228732 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
This change adds UBSan check to upcasts. Namely, when we
perform derived-to-base conversion, we:
1) check that the pointer-to-derived has suitable alignment
and underlying storage, if this pointer is non-null.
2) if vptr-sanitizer is enabled, and we perform conversion to
virtual base, we check that pointer-to-derived has a matching vptr.
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@219642 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
By default summary is not printed if UBSan is run in a standalone mode,
but is printed if it's combined with another sanitizer (like ASan).
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@218135 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
FIx a problem reported by Jakub Jelinek: don't do early-exit from fatal
UBSan handlers: even if source location is disabled (i.e. acquired by
some other thread), we should continue the execution to make sure that:
a) some thread will print the error report before calling Die().
b) handler marked as noreturn will indeed not return.
Explicitly add "Die()" calls at the end of all fatal handlers to be
sure UBSan handlers don't introduce UB themselves.
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@217542 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@217400 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Summary:
This patch implements a new UBSan check, which verifies
that function arguments declared to be nonnull with __attribute__((nonnull))
are actually nonnull in runtime.
To implement this check, we pass FunctionDecl to CodeGenFunction::EmitCallArgs
(where applicable) and if function declaration has nonnull attribute specified
for a certain formal parameter, we compare the corresponding RValue to null as
soon as it's calculated.
Test Plan: regression test suite
Reviewers: rsmith
Reviewed By: rsmith
Subscribers: cfe-commits, rnk
Differential Revision: http://reviews.llvm.org/D5082
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@217389 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@216289 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Summary:
This patch adds a runtime check verifying that functions
annotated with "returns_nonnull" attribute do in fact return nonnull pointers.
It is based on suggestion by Jakub Jelinek:
http://lists.cs.uiuc.edu/pipermail/llvm-commits/Week-of-Mon-20140623/223693.html.
Test Plan: regression test suite
Reviewers: rsmith
Reviewed By: rsmith
Subscribers: cfe-commits
Differential Revision: http://reviews.llvm.org/D4849
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@215485 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
This object is used to encapsulate all actions that need to be
done before/after printing UBSan diagnostics. Currently these
actions are:
* locking a mutex to ensure that UBSan diagnostics from several
threads won't mix with each other and with other sanitizers'
reports
* killing a program once the report is printed (if necessary).
Use this object in all UBSan handlers. Unify the way we implement
fatal and non-fatal handlers by making all the handlers simple
one-liners that redirect __ubsan_handle_foo(_abort)? to
handleFooImpl().
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@214279 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Differential Revision: http://llvm-reviews.chandlerc.com/D1339
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@193060 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@191807 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@175948 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
base-to-derived casts have undefined behavior if the object is not actually an
instance of the derived type. Runtime library part.
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@175079 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@171948 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Fixed version of r171273.
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@171278 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Original commit message:
[ubsan] Don't suggest casting to unsigned for unsigned unary minus overflow.
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@171277 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@171273 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
pointing at the bad location and a snippet of nearby memory values. This is
strictly best-effort; reading these bytes to display the note could lead to a
seg fault, and that's explicitly OK.
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@170415 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
one out from the return address. Currently, we can only resolve this address to
a file and line number if we have an external symbolizer.
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@170407 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
bit-patterns which are not valid values for enumerated or boolean types.
These checks are the ubsan analogue of !range metadata.
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@170107 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
If user specifies aborting after a recoverable failed check is
appropriate, frontend should emit call to the _abort variant.
Test this behavior with newly added -fsanitize-recover flag.
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@169113 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@168700 91177308-0d34-0410-b5e6-96231b3b80d8
|
