maxjhandsome
/
llvm-project
forked from OSchip/llvm-project
1
0
Fork 0
Code Issues Pull Requests Packages Releases Wiki Activity
llvm-project/compiler-rt/lib/ubsan_minimal/ubsan_minimal_handlers.cpp

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

121 lines
4.3 KiB
C++
Raw Normal View History

[ubsan-minimal] Get rid of the libc++ dependency. Summary: Use -nodefaultlibs. Replace std:atomic with sanitizer atomics. Reviewers: vitalybuka, kongyi, EricWF Subscribers: mgorny, llvm-commits Differential Revision: https://reviews.llvm.org/D39934 llvm-svn: 317969
2017-11-11 10:32:02 +08:00
#include "sanitizer_common/sanitizer_atomic.h"
Minimal runtime for UBSan. Summary: An implementation of ubsan runtime library suitable for use in production. Minimal attack surface. * No stack traces. * Definitely no C++ demangling. * No UBSAN_OPTIONS=log_file=/path (very suid-unfriendly). And no UBSAN_OPTIONS in general. * as simple as possible Minimal CPU and RAM overhead. * Source locations unnecessary in the presence of (split) debug info. * Values and types (as in A+B overflows T) can be reconstructed from register/stack dumps, once you know what type of error you are looking at. * above two items save 3% binary size. When UBSan is used with -ftrap-function=abort, sometimes it is hard to reason about failures. This library replaces abort with a slightly more informative message without much extra overhead. Since ubsan interface in not stable, this code must reside in compiler-rt. Reviewers: pcc, kcc Subscribers: srhines, mgorny, aprantl, krytarowski, llvm-commits Differential Revision: https://reviews.llvm.org/D36810 llvm-svn: 312029
2017-08-30 04:03:51 +08:00
#include <stdlib.h>
[ubsan-minimal] Get rid of the libc++ dependency. Summary: Use -nodefaultlibs. Replace std:atomic with sanitizer atomics. Reviewers: vitalybuka, kongyi, EricWF Subscribers: mgorny, llvm-commits Differential Revision: https://reviews.llvm.org/D39934 llvm-svn: 317969
2017-11-11 10:32:02 +08:00
#include <stdint.h>
Minimal runtime for UBSan. Summary: An implementation of ubsan runtime library suitable for use in production. Minimal attack surface. * No stack traces. * Definitely no C++ demangling. * No UBSAN_OPTIONS=log_file=/path (very suid-unfriendly). And no UBSAN_OPTIONS in general. * as simple as possible Minimal CPU and RAM overhead. * Source locations unnecessary in the presence of (split) debug info. * Values and types (as in A+B overflows T) can be reconstructed from register/stack dumps, once you know what type of error you are looking at. * above two items save 3% binary size. When UBSan is used with -ftrap-function=abort, sometimes it is hard to reason about failures. This library replaces abort with a slightly more informative message without much extra overhead. Since ubsan interface in not stable, this code must reside in compiler-rt. Reviewers: pcc, kcc Subscribers: srhines, mgorny, aprantl, krytarowski, llvm-commits Differential Revision: https://reviews.llvm.org/D36810 llvm-svn: 312029
2017-08-30 04:03:51 +08:00
#include <string.h>
#include <unistd.h>
[ubsan-minimal] Add a path for non-POSIX (and bare-metal) use of the library Summary: Hook on -DKERNEL_USE (which is also used in lib/builtins) to not import strlen and not rely on write() being implemented with the stderr on fd 2. With this, the only requirements to use this library are: - "Good enough" std::atomic<void*> and std::atomic<int> - abort() being implemented - ubsan_message(const char*) being implemented Reviewers: eugenis Subscribers: llvm-commits Differential Revision: https://reviews.llvm.org/D39791 llvm-svn: 320831
2017-12-16 01:30:50 +08:00
#ifdef KERNEL_USE
extern "C" void ubsan_message(const char *msg);
static void message(const char *msg) { ubsan_message(msg); }
#else
Minimal runtime for UBSan. Summary: An implementation of ubsan runtime library suitable for use in production. Minimal attack surface. * No stack traces. * Definitely no C++ demangling. * No UBSAN_OPTIONS=log_file=/path (very suid-unfriendly). And no UBSAN_OPTIONS in general. * as simple as possible Minimal CPU and RAM overhead. * Source locations unnecessary in the presence of (split) debug info. * Values and types (as in A+B overflows T) can be reconstructed from register/stack dumps, once you know what type of error you are looking at. * above two items save 3% binary size. When UBSan is used with -ftrap-function=abort, sometimes it is hard to reason about failures. This library replaces abort with a slightly more informative message without much extra overhead. Since ubsan interface in not stable, this code must reside in compiler-rt. Reviewers: pcc, kcc Subscribers: srhines, mgorny, aprantl, krytarowski, llvm-commits Differential Revision: https://reviews.llvm.org/D36810 llvm-svn: 312029
2017-08-30 04:03:51 +08:00
static void message(const char *msg) {
[compiler-rt] Suppress -Wunused-result due to ::write when _FORTIFY_SOURCE>0 in glibc Noticed by Peter Foley. In glibc, ::write is declared as __attribute__((__warn_unused_result__)) when __USE_FORTIFY_LEVEL is larger than 0.
2020-10-13 00:57:12 +08:00
(void)write(2, msg, strlen(msg));
Minimal runtime for UBSan. Summary: An implementation of ubsan runtime library suitable for use in production. Minimal attack surface. * No stack traces. * Definitely no C++ demangling. * No UBSAN_OPTIONS=log_file=/path (very suid-unfriendly). And no UBSAN_OPTIONS in general. * as simple as possible Minimal CPU and RAM overhead. * Source locations unnecessary in the presence of (split) debug info. * Values and types (as in A+B overflows T) can be reconstructed from register/stack dumps, once you know what type of error you are looking at. * above two items save 3% binary size. When UBSan is used with -ftrap-function=abort, sometimes it is hard to reason about failures. This library replaces abort with a slightly more informative message without much extra overhead. Since ubsan interface in not stable, this code must reside in compiler-rt. Reviewers: pcc, kcc Subscribers: srhines, mgorny, aprantl, krytarowski, llvm-commits Differential Revision: https://reviews.llvm.org/D36810 llvm-svn: 312029
2017-08-30 04:03:51 +08:00
}
[ubsan-minimal] Add a path for non-POSIX (and bare-metal) use of the library Summary: Hook on -DKERNEL_USE (which is also used in lib/builtins) to not import strlen and not rely on write() being implemented with the stderr on fd 2. With this, the only requirements to use this library are: - "Good enough" std::atomic<void*> and std::atomic<int> - abort() being implemented - ubsan_message(const char*) being implemented Reviewers: eugenis Subscribers: llvm-commits Differential Revision: https://reviews.llvm.org/D39791 llvm-svn: 320831
2017-12-16 01:30:50 +08:00
#endif
Minimal runtime for UBSan. Summary: An implementation of ubsan runtime library suitable for use in production. Minimal attack surface. * No stack traces. * Definitely no C++ demangling. * No UBSAN_OPTIONS=log_file=/path (very suid-unfriendly). And no UBSAN_OPTIONS in general. * as simple as possible Minimal CPU and RAM overhead. * Source locations unnecessary in the presence of (split) debug info. * Values and types (as in A+B overflows T) can be reconstructed from register/stack dumps, once you know what type of error you are looking at. * above two items save 3% binary size. When UBSan is used with -ftrap-function=abort, sometimes it is hard to reason about failures. This library replaces abort with a slightly more informative message without much extra overhead. Since ubsan interface in not stable, this code must reside in compiler-rt. Reviewers: pcc, kcc Subscribers: srhines, mgorny, aprantl, krytarowski, llvm-commits Differential Revision: https://reviews.llvm.org/D36810 llvm-svn: 312029
2017-08-30 04:03:51 +08:00
static const int kMaxCallerPcs = 20;
[ubsan-minimal] Get rid of the libc++ dependency. Summary: Use -nodefaultlibs. Replace std:atomic with sanitizer atomics. Reviewers: vitalybuka, kongyi, EricWF Subscribers: mgorny, llvm-commits Differential Revision: https://reviews.llvm.org/D39934 llvm-svn: 317969
2017-11-11 10:32:02 +08:00
static __sanitizer::atomic_uintptr_t caller_pcs[kMaxCallerPcs];
Minimal runtime for UBSan. Summary: An implementation of ubsan runtime library suitable for use in production. Minimal attack surface. * No stack traces. * Definitely no C++ demangling. * No UBSAN_OPTIONS=log_file=/path (very suid-unfriendly). And no UBSAN_OPTIONS in general. * as simple as possible Minimal CPU and RAM overhead. * Source locations unnecessary in the presence of (split) debug info. * Values and types (as in A+B overflows T) can be reconstructed from register/stack dumps, once you know what type of error you are looking at. * above two items save 3% binary size. When UBSan is used with -ftrap-function=abort, sometimes it is hard to reason about failures. This library replaces abort with a slightly more informative message without much extra overhead. Since ubsan interface in not stable, this code must reside in compiler-rt. Reviewers: pcc, kcc Subscribers: srhines, mgorny, aprantl, krytarowski, llvm-commits Differential Revision: https://reviews.llvm.org/D36810 llvm-svn: 312029
2017-08-30 04:03:51 +08:00
// Number of elements in caller_pcs. A special value of kMaxCallerPcs + 1 means
// that "too many errors" has already been reported.
[ubsan-minimal] Get rid of the libc++ dependency. Summary: Use -nodefaultlibs. Replace std:atomic with sanitizer atomics. Reviewers: vitalybuka, kongyi, EricWF Subscribers: mgorny, llvm-commits Differential Revision: https://reviews.llvm.org/D39934 llvm-svn: 317969
2017-11-11 10:32:02 +08:00
static __sanitizer::atomic_uint32_t caller_pcs_sz;
Minimal runtime for UBSan. Summary: An implementation of ubsan runtime library suitable for use in production. Minimal attack surface. * No stack traces. * Definitely no C++ demangling. * No UBSAN_OPTIONS=log_file=/path (very suid-unfriendly). And no UBSAN_OPTIONS in general. * as simple as possible Minimal CPU and RAM overhead. * Source locations unnecessary in the presence of (split) debug info. * Values and types (as in A+B overflows T) can be reconstructed from register/stack dumps, once you know what type of error you are looking at. * above two items save 3% binary size. When UBSan is used with -ftrap-function=abort, sometimes it is hard to reason about failures. This library replaces abort with a slightly more informative message without much extra overhead. Since ubsan interface in not stable, this code must reside in compiler-rt. Reviewers: pcc, kcc Subscribers: srhines, mgorny, aprantl, krytarowski, llvm-commits Differential Revision: https://reviews.llvm.org/D36810 llvm-svn: 312029
2017-08-30 04:03:51 +08:00
[ubsan-minimal] Get rid of the libc++ dependency. Summary: Use -nodefaultlibs. Replace std:atomic with sanitizer atomics. Reviewers: vitalybuka, kongyi, EricWF Subscribers: mgorny, llvm-commits Differential Revision: https://reviews.llvm.org/D39934 llvm-svn: 317969
2017-11-11 10:32:02 +08:00
__attribute__((noinline)) static bool report_this_error(void *caller_p) {
uintptr_t caller = reinterpret_cast<uintptr_t>(caller_p);
if (caller == 0) return false;
Minimal runtime for UBSan. Summary: An implementation of ubsan runtime library suitable for use in production. Minimal attack surface. * No stack traces. * Definitely no C++ demangling. * No UBSAN_OPTIONS=log_file=/path (very suid-unfriendly). And no UBSAN_OPTIONS in general. * as simple as possible Minimal CPU and RAM overhead. * Source locations unnecessary in the presence of (split) debug info. * Values and types (as in A+B overflows T) can be reconstructed from register/stack dumps, once you know what type of error you are looking at. * above two items save 3% binary size. When UBSan is used with -ftrap-function=abort, sometimes it is hard to reason about failures. This library replaces abort with a slightly more informative message without much extra overhead. Since ubsan interface in not stable, this code must reside in compiler-rt. Reviewers: pcc, kcc Subscribers: srhines, mgorny, aprantl, krytarowski, llvm-commits Differential Revision: https://reviews.llvm.org/D36810 llvm-svn: 312029
2017-08-30 04:03:51 +08:00
while (true) {
[ubsan-minimal] Get rid of the libc++ dependency. Summary: Use -nodefaultlibs. Replace std:atomic with sanitizer atomics. Reviewers: vitalybuka, kongyi, EricWF Subscribers: mgorny, llvm-commits Differential Revision: https://reviews.llvm.org/D39934 llvm-svn: 317969
2017-11-11 10:32:02 +08:00
unsigned sz = __sanitizer::atomic_load_relaxed(&caller_pcs_sz);
if (sz > kMaxCallerPcs) return false; // early exit
Minimal runtime for UBSan. Summary: An implementation of ubsan runtime library suitable for use in production. Minimal attack surface. * No stack traces. * Definitely no C++ demangling. * No UBSAN_OPTIONS=log_file=/path (very suid-unfriendly). And no UBSAN_OPTIONS in general. * as simple as possible Minimal CPU and RAM overhead. * Source locations unnecessary in the presence of (split) debug info. * Values and types (as in A+B overflows T) can be reconstructed from register/stack dumps, once you know what type of error you are looking at. * above two items save 3% binary size. When UBSan is used with -ftrap-function=abort, sometimes it is hard to reason about failures. This library replaces abort with a slightly more informative message without much extra overhead. Since ubsan interface in not stable, this code must reside in compiler-rt. Reviewers: pcc, kcc Subscribers: srhines, mgorny, aprantl, krytarowski, llvm-commits Differential Revision: https://reviews.llvm.org/D36810 llvm-svn: 312029
2017-08-30 04:03:51 +08:00
// when sz==kMaxCallerPcs print "too many errors", but only when cmpxchg
// succeeds in order to not print it multiple times.
if (sz > 0 && sz < kMaxCallerPcs) {
[ubsan-minimal] Get rid of the libc++ dependency. Summary: Use -nodefaultlibs. Replace std:atomic with sanitizer atomics. Reviewers: vitalybuka, kongyi, EricWF Subscribers: mgorny, llvm-commits Differential Revision: https://reviews.llvm.org/D39934 llvm-svn: 317969
2017-11-11 10:32:02 +08:00
uintptr_t p;
for (unsigned i = 0; i < sz; ++i) {
p = __sanitizer::atomic_load_relaxed(&caller_pcs[i]);
if (p == 0) break; // Concurrent update.
Minimal runtime for UBSan. Summary: An implementation of ubsan runtime library suitable for use in production. Minimal attack surface. * No stack traces. * Definitely no C++ demangling. * No UBSAN_OPTIONS=log_file=/path (very suid-unfriendly). And no UBSAN_OPTIONS in general. * as simple as possible Minimal CPU and RAM overhead. * Source locations unnecessary in the presence of (split) debug info. * Values and types (as in A+B overflows T) can be reconstructed from register/stack dumps, once you know what type of error you are looking at. * above two items save 3% binary size. When UBSan is used with -ftrap-function=abort, sometimes it is hard to reason about failures. This library replaces abort with a slightly more informative message without much extra overhead. Since ubsan interface in not stable, this code must reside in compiler-rt. Reviewers: pcc, kcc Subscribers: srhines, mgorny, aprantl, krytarowski, llvm-commits Differential Revision: https://reviews.llvm.org/D36810 llvm-svn: 312029
2017-08-30 04:03:51 +08:00
if (p == caller) return false;
}
[ubsan-minimal] Get rid of the libc++ dependency. Summary: Use -nodefaultlibs. Replace std:atomic with sanitizer atomics. Reviewers: vitalybuka, kongyi, EricWF Subscribers: mgorny, llvm-commits Differential Revision: https://reviews.llvm.org/D39934 llvm-svn: 317969
2017-11-11 10:32:02 +08:00
if (p == 0) continue; // FIXME: yield?
Minimal runtime for UBSan. Summary: An implementation of ubsan runtime library suitable for use in production. Minimal attack surface. * No stack traces. * Definitely no C++ demangling. * No UBSAN_OPTIONS=log_file=/path (very suid-unfriendly). And no UBSAN_OPTIONS in general. * as simple as possible Minimal CPU and RAM overhead. * Source locations unnecessary in the presence of (split) debug info. * Values and types (as in A+B overflows T) can be reconstructed from register/stack dumps, once you know what type of error you are looking at. * above two items save 3% binary size. When UBSan is used with -ftrap-function=abort, sometimes it is hard to reason about failures. This library replaces abort with a slightly more informative message without much extra overhead. Since ubsan interface in not stable, this code must reside in compiler-rt. Reviewers: pcc, kcc Subscribers: srhines, mgorny, aprantl, krytarowski, llvm-commits Differential Revision: https://reviews.llvm.org/D36810 llvm-svn: 312029
2017-08-30 04:03:51 +08:00
}
[ubsan-minimal] Get rid of the libc++ dependency. Summary: Use -nodefaultlibs. Replace std:atomic with sanitizer atomics. Reviewers: vitalybuka, kongyi, EricWF Subscribers: mgorny, llvm-commits Differential Revision: https://reviews.llvm.org/D39934 llvm-svn: 317969
2017-11-11 10:32:02 +08:00
if (!__sanitizer::atomic_compare_exchange_strong(
&caller_pcs_sz, &sz, sz + 1, __sanitizer::memory_order_seq_cst))
continue; // Concurrent update! Try again from the start.
Minimal runtime for UBSan. Summary: An implementation of ubsan runtime library suitable for use in production. Minimal attack surface. * No stack traces. * Definitely no C++ demangling. * No UBSAN_OPTIONS=log_file=/path (very suid-unfriendly). And no UBSAN_OPTIONS in general. * as simple as possible Minimal CPU and RAM overhead. * Source locations unnecessary in the presence of (split) debug info. * Values and types (as in A+B overflows T) can be reconstructed from register/stack dumps, once you know what type of error you are looking at. * above two items save 3% binary size. When UBSan is used with -ftrap-function=abort, sometimes it is hard to reason about failures. This library replaces abort with a slightly more informative message without much extra overhead. Since ubsan interface in not stable, this code must reside in compiler-rt. Reviewers: pcc, kcc Subscribers: srhines, mgorny, aprantl, krytarowski, llvm-commits Differential Revision: https://reviews.llvm.org/D36810 llvm-svn: 312029
2017-08-30 04:03:51 +08:00
if (sz == kMaxCallerPcs) {
message("ubsan: too many errors\n");
return false;
}
[ubsan-minimal] Get rid of the libc++ dependency. Summary: Use -nodefaultlibs. Replace std:atomic with sanitizer atomics. Reviewers: vitalybuka, kongyi, EricWF Subscribers: mgorny, llvm-commits Differential Revision: https://reviews.llvm.org/D39934 llvm-svn: 317969
2017-11-11 10:32:02 +08:00
__sanitizer::atomic_store_relaxed(&caller_pcs[sz], caller);
Minimal runtime for UBSan. Summary: An implementation of ubsan runtime library suitable for use in production. Minimal attack surface. * No stack traces. * Definitely no C++ demangling. * No UBSAN_OPTIONS=log_file=/path (very suid-unfriendly). And no UBSAN_OPTIONS in general. * as simple as possible Minimal CPU and RAM overhead. * Source locations unnecessary in the presence of (split) debug info. * Values and types (as in A+B overflows T) can be reconstructed from register/stack dumps, once you know what type of error you are looking at. * above two items save 3% binary size. When UBSan is used with -ftrap-function=abort, sometimes it is hard to reason about failures. This library replaces abort with a slightly more informative message without much extra overhead. Since ubsan interface in not stable, this code must reside in compiler-rt. Reviewers: pcc, kcc Subscribers: srhines, mgorny, aprantl, krytarowski, llvm-commits Differential Revision: https://reviews.llvm.org/D36810 llvm-svn: 312029
2017-08-30 04:03:51 +08:00
return true;
}
}
#if defined(__ANDROID__)
Runtime detection of android_set_abort_message. Summary: Use runtime detection (with a weak-undef symbol) of android_set_abort_message availability. Android NDK provides a single version of the ASan runtime library to be used for any target API level, which makes compile-time feature detection impossible (the library itself is built at API level 9). Reviewers: vitalybuka Subscribers: srhines, llvm-commits, kubamracek Differential Revision: https://reviews.llvm.org/D37716 llvm-svn: 312973
2017-09-12 07:27:58 +08:00
extern "C" __attribute__((weak)) void android_set_abort_message(const char *);
Minimal runtime for UBSan. Summary: An implementation of ubsan runtime library suitable for use in production. Minimal attack surface. * No stack traces. * Definitely no C++ demangling. * No UBSAN_OPTIONS=log_file=/path (very suid-unfriendly). And no UBSAN_OPTIONS in general. * as simple as possible Minimal CPU and RAM overhead. * Source locations unnecessary in the presence of (split) debug info. * Values and types (as in A+B overflows T) can be reconstructed from register/stack dumps, once you know what type of error you are looking at. * above two items save 3% binary size. When UBSan is used with -ftrap-function=abort, sometimes it is hard to reason about failures. This library replaces abort with a slightly more informative message without much extra overhead. Since ubsan interface in not stable, this code must reside in compiler-rt. Reviewers: pcc, kcc Subscribers: srhines, mgorny, aprantl, krytarowski, llvm-commits Differential Revision: https://reviews.llvm.org/D36810 llvm-svn: 312029
2017-08-30 04:03:51 +08:00
static void abort_with_message(const char *msg) {
Runtime detection of android_set_abort_message. Summary: Use runtime detection (with a weak-undef symbol) of android_set_abort_message availability. Android NDK provides a single version of the ASan runtime library to be used for any target API level, which makes compile-time feature detection impossible (the library itself is built at API level 9). Reviewers: vitalybuka Subscribers: srhines, llvm-commits, kubamracek Differential Revision: https://reviews.llvm.org/D37716 llvm-svn: 312973
2017-09-12 07:27:58 +08:00
if (&android_set_abort_message) android_set_abort_message(msg);
Minimal runtime for UBSan. Summary: An implementation of ubsan runtime library suitable for use in production. Minimal attack surface. * No stack traces. * Definitely no C++ demangling. * No UBSAN_OPTIONS=log_file=/path (very suid-unfriendly). And no UBSAN_OPTIONS in general. * as simple as possible Minimal CPU and RAM overhead. * Source locations unnecessary in the presence of (split) debug info. * Values and types (as in A+B overflows T) can be reconstructed from register/stack dumps, once you know what type of error you are looking at. * above two items save 3% binary size. When UBSan is used with -ftrap-function=abort, sometimes it is hard to reason about failures. This library replaces abort with a slightly more informative message without much extra overhead. Since ubsan interface in not stable, this code must reside in compiler-rt. Reviewers: pcc, kcc Subscribers: srhines, mgorny, aprantl, krytarowski, llvm-commits Differential Revision: https://reviews.llvm.org/D36810 llvm-svn: 312029
2017-08-30 04:03:51 +08:00
abort();
}
#else
static void abort_with_message(const char *) { abort(); }
#endif
[ubsan-minimal] Fix the ubsan_minimal debug build (COMPILER_RT_DEBUG=1) on macOS. `ubsan_minimal` makes use of the `_sanitizer::atomic_load` function. This function uses the `DCHECK` macro which in debug builds will use the `_sanitizer::CheckFailed` function. This function is part of `sanitizer_common` but `ubsan_minimal` doesn't use this so the implementation is missing which leads to link failures on macOS when trying to link `libclang_rt.ubsan_minimal_osx_dynamic.dylib`. This is in contrast to the BFD linker on Linux which doesn't seem to care about the missing symbol. A basic implementation of `_sanitizer::CheckFailed` has been added to the `ubsan_minimal` debug build to avoid the link error. The implementation could definitely be improved but I don't know which functions can be used in this context so I decided to restrict myself to functions only being used in `ubsan_minimal` already. llvm-svn: 326032
2018-02-24 21:14:44 +08:00
#if SANITIZER_DEBUG
namespace __sanitizer {
// The DCHECK macro needs this symbol to be defined.
void NORETURN CheckFailed(const char *file, int, const char *cond, u64, u64) {
message("Sanitizer CHECK failed: ");
message(file);
message(":?? : "); // FIXME: Show line number.
message(cond);
abort();
}
} // namespace __sanitizer
#endif
Minimal runtime for UBSan. Summary: An implementation of ubsan runtime library suitable for use in production. Minimal attack surface. * No stack traces. * Definitely no C++ demangling. * No UBSAN_OPTIONS=log_file=/path (very suid-unfriendly). And no UBSAN_OPTIONS in general. * as simple as possible Minimal CPU and RAM overhead. * Source locations unnecessary in the presence of (split) debug info. * Values and types (as in A+B overflows T) can be reconstructed from register/stack dumps, once you know what type of error you are looking at. * above two items save 3% binary size. When UBSan is used with -ftrap-function=abort, sometimes it is hard to reason about failures. This library replaces abort with a slightly more informative message without much extra overhead. Since ubsan interface in not stable, this code must reside in compiler-rt. Reviewers: pcc, kcc Subscribers: srhines, mgorny, aprantl, krytarowski, llvm-commits Differential Revision: https://reviews.llvm.org/D36810 llvm-svn: 312029
2017-08-30 04:03:51 +08:00
#define INTERFACE extern "C" __attribute__((visibility("default")))
// FIXME: add caller pc to the error message (possibly as "ubsan: error-type
// @1234ABCD").
[ubsan-minimal] Make the interface more compatible with RTUBSan This eliminates a few inconsistencies between the symbol sets exported by RTUBSan and RTUBSan_minimal: * Handlers for nonnull_return were missing from the minimal RT, and are now added in. * The minimal runtime exported recoverable handlers for builtin_unreachable and missing_return. These are not supposed to exist, and are now removed. llvm-svn: 313614
2017-09-19 14:46:36 +08:00
#define HANDLER_RECOVER(name, msg) \
Minimal runtime for UBSan. Summary: An implementation of ubsan runtime library suitable for use in production. Minimal attack surface. * No stack traces. * Definitely no C++ demangling. * No UBSAN_OPTIONS=log_file=/path (very suid-unfriendly). And no UBSAN_OPTIONS in general. * as simple as possible Minimal CPU and RAM overhead. * Source locations unnecessary in the presence of (split) debug info. * Values and types (as in A+B overflows T) can be reconstructed from register/stack dumps, once you know what type of error you are looking at. * above two items save 3% binary size. When UBSan is used with -ftrap-function=abort, sometimes it is hard to reason about failures. This library replaces abort with a slightly more informative message without much extra overhead. Since ubsan interface in not stable, this code must reside in compiler-rt. Reviewers: pcc, kcc Subscribers: srhines, mgorny, aprantl, krytarowski, llvm-commits Differential Revision: https://reviews.llvm.org/D36810 llvm-svn: 312029
2017-08-30 04:03:51 +08:00
INTERFACE void __ubsan_handle_##name##_minimal() { \
if (!report_this_error(__builtin_return_address(0))) return; \
message("ubsan: " msg "\n"); \
[ubsan-minimal] Make the interface more compatible with RTUBSan This eliminates a few inconsistencies between the symbol sets exported by RTUBSan and RTUBSan_minimal: * Handlers for nonnull_return were missing from the minimal RT, and are now added in. * The minimal runtime exported recoverable handlers for builtin_unreachable and missing_return. These are not supposed to exist, and are now removed. llvm-svn: 313614
2017-09-19 14:46:36 +08:00
}
#define HANDLER_NORECOVER(name, msg) \
Minimal runtime for UBSan. Summary: An implementation of ubsan runtime library suitable for use in production. Minimal attack surface. * No stack traces. * Definitely no C++ demangling. * No UBSAN_OPTIONS=log_file=/path (very suid-unfriendly). And no UBSAN_OPTIONS in general. * as simple as possible Minimal CPU and RAM overhead. * Source locations unnecessary in the presence of (split) debug info. * Values and types (as in A+B overflows T) can be reconstructed from register/stack dumps, once you know what type of error you are looking at. * above two items save 3% binary size. When UBSan is used with -ftrap-function=abort, sometimes it is hard to reason about failures. This library replaces abort with a slightly more informative message without much extra overhead. Since ubsan interface in not stable, this code must reside in compiler-rt. Reviewers: pcc, kcc Subscribers: srhines, mgorny, aprantl, krytarowski, llvm-commits Differential Revision: https://reviews.llvm.org/D36810 llvm-svn: 312029
2017-08-30 04:03:51 +08:00
INTERFACE void __ubsan_handle_##name##_minimal_abort() { \
message("ubsan: " msg "\n"); \
abort_with_message("ubsan: " msg); \
}
[ubsan-minimal] Make the interface more compatible with RTUBSan This eliminates a few inconsistencies between the symbol sets exported by RTUBSan and RTUBSan_minimal: * Handlers for nonnull_return were missing from the minimal RT, and are now added in. * The minimal runtime exported recoverable handlers for builtin_unreachable and missing_return. These are not supposed to exist, and are now removed. llvm-svn: 313614
2017-09-19 14:46:36 +08:00
#define HANDLER(name, msg) \
HANDLER_RECOVER(name, msg) \
HANDLER_NORECOVER(name, msg)
Minimal runtime for UBSan. Summary: An implementation of ubsan runtime library suitable for use in production. Minimal attack surface. * No stack traces. * Definitely no C++ demangling. * No UBSAN_OPTIONS=log_file=/path (very suid-unfriendly). And no UBSAN_OPTIONS in general. * as simple as possible Minimal CPU and RAM overhead. * Source locations unnecessary in the presence of (split) debug info. * Values and types (as in A+B overflows T) can be reconstructed from register/stack dumps, once you know what type of error you are looking at. * above two items save 3% binary size. When UBSan is used with -ftrap-function=abort, sometimes it is hard to reason about failures. This library replaces abort with a slightly more informative message without much extra overhead. Since ubsan interface in not stable, this code must reside in compiler-rt. Reviewers: pcc, kcc Subscribers: srhines, mgorny, aprantl, krytarowski, llvm-commits Differential Revision: https://reviews.llvm.org/D36810 llvm-svn: 312029
2017-08-30 04:03:51 +08:00
HANDLER(type_mismatch, "type-mismatch")
[compiler-rt][UBSan] Sanitization for alignment assumptions. Summary: This is the compiler-rt part. The clang part is D54589. This is a second commit, the original one was r351106, which was mass-reverted in r351159 because 2 compiler-rt tests were failing. Now, i have fundamentally changed the testing approach: i malloc a few bytes, intentionally mis-align the pointer (increment it by one), and check that. Also, i have decreased the expected alignment. This hopefully should be enough to pacify all the bots. If not, i guess i might just drop the two 'bad' tests. Reviewers: filcab, vsk, #sanitizers, vitalybuka, rsmith, morehouse Reviewed By: morehouse Subscribers: rjmccall, krytarowski, rsmith, kcc, srhines, kubamracek, dberris, llvm-commits Tags: #sanitizers Differential Revision: https://reviews.llvm.org/D54590 llvm-svn: 351178
2019-01-15 17:44:27 +08:00
HANDLER(alignment_assumption, "alignment-assumption")
Minimal runtime for UBSan. Summary: An implementation of ubsan runtime library suitable for use in production. Minimal attack surface. * No stack traces. * Definitely no C++ demangling. * No UBSAN_OPTIONS=log_file=/path (very suid-unfriendly). And no UBSAN_OPTIONS in general. * as simple as possible Minimal CPU and RAM overhead. * Source locations unnecessary in the presence of (split) debug info. * Values and types (as in A+B overflows T) can be reconstructed from register/stack dumps, once you know what type of error you are looking at. * above two items save 3% binary size. When UBSan is used with -ftrap-function=abort, sometimes it is hard to reason about failures. This library replaces abort with a slightly more informative message without much extra overhead. Since ubsan interface in not stable, this code must reside in compiler-rt. Reviewers: pcc, kcc Subscribers: srhines, mgorny, aprantl, krytarowski, llvm-commits Differential Revision: https://reviews.llvm.org/D36810 llvm-svn: 312029
2017-08-30 04:03:51 +08:00
HANDLER(add_overflow, "add-overflow")
HANDLER(sub_overflow, "sub-overflow")
HANDLER(mul_overflow, "mul-overflow")
HANDLER(negate_overflow, "negate-overflow")
HANDLER(divrem_overflow, "divrem-overflow")
HANDLER(shift_out_of_bounds, "shift-out-of-bounds")
HANDLER(out_of_bounds, "out-of-bounds")
[ubsan-minimal] Make the interface more compatible with RTUBSan This eliminates a few inconsistencies between the symbol sets exported by RTUBSan and RTUBSan_minimal: * Handlers for nonnull_return were missing from the minimal RT, and are now added in. * The minimal runtime exported recoverable handlers for builtin_unreachable and missing_return. These are not supposed to exist, and are now removed. llvm-svn: 313614
2017-09-19 14:46:36 +08:00
HANDLER_RECOVER(builtin_unreachable, "builtin-unreachable")
HANDLER_RECOVER(missing_return, "missing-return")
Minimal runtime for UBSan. Summary: An implementation of ubsan runtime library suitable for use in production. Minimal attack surface. * No stack traces. * Definitely no C++ demangling. * No UBSAN_OPTIONS=log_file=/path (very suid-unfriendly). And no UBSAN_OPTIONS in general. * as simple as possible Minimal CPU and RAM overhead. * Source locations unnecessary in the presence of (split) debug info. * Values and types (as in A+B overflows T) can be reconstructed from register/stack dumps, once you know what type of error you are looking at. * above two items save 3% binary size. When UBSan is used with -ftrap-function=abort, sometimes it is hard to reason about failures. This library replaces abort with a slightly more informative message without much extra overhead. Since ubsan interface in not stable, this code must reside in compiler-rt. Reviewers: pcc, kcc Subscribers: srhines, mgorny, aprantl, krytarowski, llvm-commits Differential Revision: https://reviews.llvm.org/D36810 llvm-svn: 312029
2017-08-30 04:03:51 +08:00
HANDLER(vla_bound_not_positive, "vla-bound-not-positive")
HANDLER(float_cast_overflow, "float-cast-overflow")
HANDLER(load_invalid_value, "load-invalid-value")
HANDLER(invalid_builtin, "invalid-builtin")
[ubsan] Check implicit casts in ObjC for-in statements Check that the implicit cast from `id` used to construct the element variable in an ObjC for-in statement is valid. This check is included as part of a new `objc-cast` sanitizer, outside of the main 'undefined' group, as (IIUC) the behavior it's checking for is not technically UB. The check can be extended to cover other kinds of invalid casts in ObjC. Partially addresses: rdar://12903059, rdar://9542496 Differential Revision: https://reviews.llvm.org/D71491
2019-12-14 04:59:40 +08:00
HANDLER(invalid_objc_cast, "invalid-objc-cast")
Minimal runtime for UBSan. Summary: An implementation of ubsan runtime library suitable for use in production. Minimal attack surface. * No stack traces. * Definitely no C++ demangling. * No UBSAN_OPTIONS=log_file=/path (very suid-unfriendly). And no UBSAN_OPTIONS in general. * as simple as possible Minimal CPU and RAM overhead. * Source locations unnecessary in the presence of (split) debug info. * Values and types (as in A+B overflows T) can be reconstructed from register/stack dumps, once you know what type of error you are looking at. * above two items save 3% binary size. When UBSan is used with -ftrap-function=abort, sometimes it is hard to reason about failures. This library replaces abort with a slightly more informative message without much extra overhead. Since ubsan interface in not stable, this code must reside in compiler-rt. Reviewers: pcc, kcc Subscribers: srhines, mgorny, aprantl, krytarowski, llvm-commits Differential Revision: https://reviews.llvm.org/D36810 llvm-svn: 312029
2017-08-30 04:03:51 +08:00
HANDLER(function_type_mismatch, "function-type-mismatch")
[compiler-rt][ubsan] Implicit Conversion Sanitizer - integer truncation - compiler-rt part Summary: This is a compiler-rt part. The clang part is D48958. See [[ https://bugs.llvm.org/show_bug.cgi?id=21530 | PR21530 ]], https://github.com/google/sanitizers/issues/940. Reviewers: #sanitizers, samsonov, vsk, rsmith, pcc, eugenis, kcc, filcab Reviewed By: #sanitizers, vsk, filcab Subscribers: llvm-commits, eugenis, filcab, kubamracek, dberris, #sanitizers, regehr Tags: #sanitizers Differential Revision: https://reviews.llvm.org/D48959 llvm-svn: 338287
2018-07-31 02:58:30 +08:00
HANDLER(implicit_conversion, "implicit-conversion")
Minimal runtime for UBSan. Summary: An implementation of ubsan runtime library suitable for use in production. Minimal attack surface. * No stack traces. * Definitely no C++ demangling. * No UBSAN_OPTIONS=log_file=/path (very suid-unfriendly). And no UBSAN_OPTIONS in general. * as simple as possible Minimal CPU and RAM overhead. * Source locations unnecessary in the presence of (split) debug info. * Values and types (as in A+B overflows T) can be reconstructed from register/stack dumps, once you know what type of error you are looking at. * above two items save 3% binary size. When UBSan is used with -ftrap-function=abort, sometimes it is hard to reason about failures. This library replaces abort with a slightly more informative message without much extra overhead. Since ubsan interface in not stable, this code must reside in compiler-rt. Reviewers: pcc, kcc Subscribers: srhines, mgorny, aprantl, krytarowski, llvm-commits Differential Revision: https://reviews.llvm.org/D36810 llvm-svn: 312029
2017-08-30 04:03:51 +08:00
HANDLER(nonnull_arg, "nonnull-arg")
[ubsan-minimal] Make the interface more compatible with RTUBSan This eliminates a few inconsistencies between the symbol sets exported by RTUBSan and RTUBSan_minimal: * Handlers for nonnull_return were missing from the minimal RT, and are now added in. * The minimal runtime exported recoverable handlers for builtin_unreachable and missing_return. These are not supposed to exist, and are now removed. llvm-svn: 313614
2017-09-19 14:46:36 +08:00
HANDLER(nonnull_return, "nonnull-return")
Minimal runtime for UBSan. Summary: An implementation of ubsan runtime library suitable for use in production. Minimal attack surface. * No stack traces. * Definitely no C++ demangling. * No UBSAN_OPTIONS=log_file=/path (very suid-unfriendly). And no UBSAN_OPTIONS in general. * as simple as possible Minimal CPU and RAM overhead. * Source locations unnecessary in the presence of (split) debug info. * Values and types (as in A+B overflows T) can be reconstructed from register/stack dumps, once you know what type of error you are looking at. * above two items save 3% binary size. When UBSan is used with -ftrap-function=abort, sometimes it is hard to reason about failures. This library replaces abort with a slightly more informative message without much extra overhead. Since ubsan interface in not stable, this code must reside in compiler-rt. Reviewers: pcc, kcc Subscribers: srhines, mgorny, aprantl, krytarowski, llvm-commits Differential Revision: https://reviews.llvm.org/D36810 llvm-svn: 312029
2017-08-30 04:03:51 +08:00
HANDLER(nullability_arg, "nullability-arg")
[ubsan-minimal] Make the interface more compatible with RTUBSan This eliminates a few inconsistencies between the symbol sets exported by RTUBSan and RTUBSan_minimal: * Handlers for nonnull_return were missing from the minimal RT, and are now added in. * The minimal runtime exported recoverable handlers for builtin_unreachable and missing_return. These are not supposed to exist, and are now removed. llvm-svn: 313614
2017-09-19 14:46:36 +08:00
HANDLER(nullability_return, "nullability-return")
Minimal runtime for UBSan. Summary: An implementation of ubsan runtime library suitable for use in production. Minimal attack surface. * No stack traces. * Definitely no C++ demangling. * No UBSAN_OPTIONS=log_file=/path (very suid-unfriendly). And no UBSAN_OPTIONS in general. * as simple as possible Minimal CPU and RAM overhead. * Source locations unnecessary in the presence of (split) debug info. * Values and types (as in A+B overflows T) can be reconstructed from register/stack dumps, once you know what type of error you are looking at. * above two items save 3% binary size. When UBSan is used with -ftrap-function=abort, sometimes it is hard to reason about failures. This library replaces abort with a slightly more informative message without much extra overhead. Since ubsan interface in not stable, this code must reside in compiler-rt. Reviewers: pcc, kcc Subscribers: srhines, mgorny, aprantl, krytarowski, llvm-commits Differential Revision: https://reviews.llvm.org/D36810 llvm-svn: 312029
2017-08-30 04:03:51 +08:00
HANDLER(pointer_overflow, "pointer-overflow")
HANDLER(cfi_check_fail, "cfi-check-fail")