maxjhandsome
/
llvm-project
forked from OSchip/llvm-project
1
0
Fork 0
Code Issues Pull Requests Packages Releases Wiki Activity
llvm-project/compiler-rt/lib/ubsan/ubsan_handlers.h

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

237 lines
7.1 KiB
C
Raw Normal View History

Add a runtime diagnostics library for Clang's -fcatch-undefined-behavior. llvm-svn: 165533
2012-10-10 03:34:32 +08:00
//===-- ubsan_handlers.h ----------------------------------------*- C++ -*-===//
//
Update the file headers across all of the LLVM projects in the monorepo to reflect the new license. We understand that people may be surprised that we're moving the header entirely to discuss the new license. We checked this carefully with the Foundation's lawyer and we believe this is the correct approach. Essentially, all code in the project is now made available by the LLVM project under our new license, so you will see that the license headers include that license only. Some of our contributors have contributed code under our old license, and accordingly, we have retained a copy of our old license notice in the top-level files in each project and repository. llvm-svn: 351636
2019-01-19 16:50:56 +08:00
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// See https://llvm.org/LICENSE.txt for license information.
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
Add a runtime diagnostics library for Clang's -fcatch-undefined-behavior. llvm-svn: 165533
2012-10-10 03:34:32 +08:00
//
//===----------------------------------------------------------------------===//
//
// Entry points to the runtime library for Clang's undefined behavior sanitizer.
//
//===----------------------------------------------------------------------===//
#ifndef UBSAN_HANDLERS_H
#define UBSAN_HANDLERS_H
#include "ubsan_value.h"
namespace __ubsan {
struct TypeMismatchData {
SourceLocation Loc;
const TypeDescriptor &Type;
[ubsan] Minimize size of data for type_mismatch (Redo of D19668) Summary: This is the compiler-rt side of D28242. Reviewers: kcc, vitalybuka, pgousseau, gbedwell Subscribers: kubabrecka, llvm-commits Differential Revision: https://reviews.llvm.org/D28244 llvm-svn: 291237
2017-01-06 22:40:28 +08:00
unsigned char LogAlignment;
Add a runtime diagnostics library for Clang's -fcatch-undefined-behavior. llvm-svn: 165533
2012-10-10 03:34:32 +08:00
unsigned char TypeCheckKind;
};
[UBSan] Add support for printing backtraces to all UBSan handlers llvm-svn: 216289
2014-08-23 05:42:04 +08:00
#define UNRECOVERABLE(checkname, ...) \
[UBSan] Add noinline attribute to handlers that should never return. FIx a problem reported by Jakub Jelinek: don't do early-exit from fatal UBSan handlers: even if source location is disabled (i.e. acquired by some other thread), we should continue the execution to make sure that: a) some thread will print the error report before calling Die(). b) handler marked as noreturn will indeed not return. Explicitly add "Die()" calls at the end of all fatal handlers to be sure UBSan handlers don't introduce UB themselves. llvm-svn: 217542
2014-09-11 04:43:36 +08:00
extern "C" SANITIZER_INTERFACE_ATTRIBUTE NORETURN \
[UBSan] Add support for printing backtraces to all UBSan handlers llvm-svn: 216289
2014-08-23 05:42:04 +08:00
void __ubsan_handle_ ## checkname( __VA_ARGS__ );
[ubsan] Refactor handlers to have separate entry points for aborting. If user specifies aborting after a recoverable failed check is appropriate, frontend should emit call to the _abort variant. Test this behavior with newly added -fsanitize-recover flag. llvm-svn: 169113
2012-12-03 03:47:29 +08:00
#define RECOVERABLE(checkname, ...) \
[ubsan] Move attribute specifier to fix build with gcc. llvm-svn: 172078
2013-01-11 01:01:13 +08:00
extern "C" SANITIZER_INTERFACE_ATTRIBUTE \
void __ubsan_handle_ ## checkname( __VA_ARGS__ ); \
[UBSan] Add noinline attribute to handlers that should never return. FIx a problem reported by Jakub Jelinek: don't do early-exit from fatal UBSan handlers: even if source location is disabled (i.e. acquired by some other thread), we should continue the execution to make sure that: a) some thread will print the error report before calling Die(). b) handler marked as noreturn will indeed not return. Explicitly add "Die()" calls at the end of all fatal handlers to be sure UBSan handlers don't introduce UB themselves. llvm-svn: 217542
2014-09-11 04:43:36 +08:00
extern "C" SANITIZER_INTERFACE_ATTRIBUTE NORETURN \
[ubsan] Move attribute specifier to fix build with gcc. llvm-svn: 172078
2013-01-11 01:01:13 +08:00
void __ubsan_handle_ ## checkname ## _abort( __VA_ARGS__ );
[ubsan] Refactor handlers to have separate entry points for aborting. If user specifies aborting after a recoverable failed check is appropriate, frontend should emit call to the _abort variant. Test this behavior with newly added -fsanitize-recover flag. llvm-svn: 169113
2012-12-03 03:47:29 +08:00
Add a runtime diagnostics library for Clang's -fcatch-undefined-behavior. llvm-svn: 165533
2012-10-10 03:34:32 +08:00
/// \brief Handle a runtime type check failure, caused by either a misaligned
/// pointer, a null pointer, or a pointer to insufficient storage for the
/// type.
[ubsan] Minimize size of data for type_mismatch (Redo of D19668) Summary: This is the compiler-rt side of D28242. Reviewers: kcc, vitalybuka, pgousseau, gbedwell Subscribers: kubabrecka, llvm-commits Differential Revision: https://reviews.llvm.org/D28244 llvm-svn: 291237
2017-01-06 22:40:28 +08:00
RECOVERABLE(type_mismatch_v1, TypeMismatchData *Data, ValueHandle Pointer)
Add a runtime diagnostics library for Clang's -fcatch-undefined-behavior. llvm-svn: 165533
2012-10-10 03:34:32 +08:00
[compiler-rt][UBSan] Sanitization for alignment assumptions. Summary: This is the compiler-rt part. The clang part is D54589. This is a second commit, the original one was r351106, which was mass-reverted in r351159 because 2 compiler-rt tests were failing. Now, i have fundamentally changed the testing approach: i malloc a few bytes, intentionally mis-align the pointer (increment it by one), and check that. Also, i have decreased the expected alignment. This hopefully should be enough to pacify all the bots. If not, i guess i might just drop the two 'bad' tests. Reviewers: filcab, vsk, #sanitizers, vitalybuka, rsmith, morehouse Reviewed By: morehouse Subscribers: rjmccall, krytarowski, rsmith, kcc, srhines, kubamracek, dberris, llvm-commits Tags: #sanitizers Differential Revision: https://reviews.llvm.org/D54590 llvm-svn: 351178
2019-01-15 17:44:27 +08:00
struct AlignmentAssumptionData {
SourceLocation Loc;
SourceLocation AssumptionLoc;
const TypeDescriptor &Type;
};
/// \brief Handle a runtime alignment assumption check failure,
/// caused by a misaligned pointer.
RECOVERABLE(alignment_assumption, AlignmentAssumptionData *Data,
ValueHandle Pointer, ValueHandle Alignment, ValueHandle Offset)
Add a runtime diagnostics library for Clang's -fcatch-undefined-behavior. llvm-svn: 165533
2012-10-10 03:34:32 +08:00
struct OverflowData {
SourceLocation Loc;
const TypeDescriptor &Type;
};
ubsan: Support unsigned overflows, and divide-by-zero int/float split. llvm-svn: 168700
2012-11-27 23:01:43 +08:00
/// \brief Handle an integer addition overflow.
[ubsan] Refactor handlers to have separate entry points for aborting. If user specifies aborting after a recoverable failed check is appropriate, frontend should emit call to the _abort variant. Test this behavior with newly added -fsanitize-recover flag. llvm-svn: 169113
2012-12-03 03:47:29 +08:00
RECOVERABLE(add_overflow, OverflowData *Data, ValueHandle LHS, ValueHandle RHS)
ubsan: Support unsigned overflows, and divide-by-zero int/float split. llvm-svn: 168700
2012-11-27 23:01:43 +08:00
/// \brief Handle an integer subtraction overflow.
[ubsan] Refactor handlers to have separate entry points for aborting. If user specifies aborting after a recoverable failed check is appropriate, frontend should emit call to the _abort variant. Test this behavior with newly added -fsanitize-recover flag. llvm-svn: 169113
2012-12-03 03:47:29 +08:00
RECOVERABLE(sub_overflow, OverflowData *Data, ValueHandle LHS, ValueHandle RHS)
ubsan: Support unsigned overflows, and divide-by-zero int/float split. llvm-svn: 168700
2012-11-27 23:01:43 +08:00
/// \brief Handle an integer multiplication overflow.
[ubsan] Refactor handlers to have separate entry points for aborting. If user specifies aborting after a recoverable failed check is appropriate, frontend should emit call to the _abort variant. Test this behavior with newly added -fsanitize-recover flag. llvm-svn: 169113
2012-12-03 03:47:29 +08:00
RECOVERABLE(mul_overflow, OverflowData *Data, ValueHandle LHS, ValueHandle RHS)
Add a runtime diagnostics library for Clang's -fcatch-undefined-behavior. llvm-svn: 165533
2012-10-10 03:34:32 +08:00
/// \brief Handle a signed integer overflow for a unary negate operator.
[ubsan] Refactor handlers to have separate entry points for aborting. If user specifies aborting after a recoverable failed check is appropriate, frontend should emit call to the _abort variant. Test this behavior with newly added -fsanitize-recover flag. llvm-svn: 169113
2012-12-03 03:47:29 +08:00
RECOVERABLE(negate_overflow, OverflowData *Data, ValueHandle OldVal)
Add a runtime diagnostics library for Clang's -fcatch-undefined-behavior. llvm-svn: 165533
2012-10-10 03:34:32 +08:00
/// \brief Handle an INT_MIN/-1 overflow or division by zero.
[ubsan] Refactor handlers to have separate entry points for aborting. If user specifies aborting after a recoverable failed check is appropriate, frontend should emit call to the _abort variant. Test this behavior with newly added -fsanitize-recover flag. llvm-svn: 169113
2012-12-03 03:47:29 +08:00
RECOVERABLE(divrem_overflow, OverflowData *Data,
ValueHandle LHS, ValueHandle RHS)
Add a runtime diagnostics library for Clang's -fcatch-undefined-behavior. llvm-svn: 165533
2012-10-10 03:34:32 +08:00
struct ShiftOutOfBoundsData {
SourceLocation Loc;
const TypeDescriptor &LHSType;
const TypeDescriptor &RHSType;
};
/// \brief Handle a shift where the RHS is out of bounds or a left shift where
/// the LHS is negative or overflows.
[ubsan] Refactor handlers to have separate entry points for aborting. If user specifies aborting after a recoverable failed check is appropriate, frontend should emit call to the _abort variant. Test this behavior with newly added -fsanitize-recover flag. llvm-svn: 169113
2012-12-03 03:47:29 +08:00
RECOVERABLE(shift_out_of_bounds, ShiftOutOfBoundsData *Data,
ValueHandle LHS, ValueHandle RHS)
Add a runtime diagnostics library for Clang's -fcatch-undefined-behavior. llvm-svn: 165533
2012-10-10 03:34:32 +08:00
ubsan: Runtime handlers for array indexing checks. llvm-svn: 175948
2013-02-23 10:40:07 +08:00
struct OutOfBoundsData {
SourceLocation Loc;
const TypeDescriptor &ArrayType;
const TypeDescriptor &IndexType;
};
/// \brief Handle an array index out of bounds error.
RECOVERABLE(out_of_bounds, OutOfBoundsData *Data, ValueHandle Index)
Add a runtime diagnostics library for Clang's -fcatch-undefined-behavior. llvm-svn: 165533
2012-10-10 03:34:32 +08:00
struct UnreachableData {
SourceLocation Loc;
};
/// \brief Handle a __builtin_unreachable which is reached.
[UBSan] Add support for printing backtraces to all UBSan handlers llvm-svn: 216289
2014-08-23 05:42:04 +08:00
UNRECOVERABLE(builtin_unreachable, UnreachableData *Data)
Add a runtime diagnostics library for Clang's -fcatch-undefined-behavior. llvm-svn: 165533
2012-10-10 03:34:32 +08:00
/// \brief Handle reaching the end of a value-returning function.
[UBSan] Add support for printing backtraces to all UBSan handlers llvm-svn: 216289
2014-08-23 05:42:04 +08:00
UNRECOVERABLE(missing_return, UnreachableData *Data)
Add a runtime diagnostics library for Clang's -fcatch-undefined-behavior. llvm-svn: 165533
2012-10-10 03:34:32 +08:00
-fcatch-undefined-behavior: handler for VLA bound which evaluates to a non-positive value. llvm-svn: 165582
2012-10-10 09:10:59 +08:00
struct VLABoundData {
SourceLocation Loc;
const TypeDescriptor &Type;
};
/// \brief Handle a VLA with a non-positive bound.
[ubsan] Refactor handlers to have separate entry points for aborting. If user specifies aborting after a recoverable failed check is appropriate, frontend should emit call to the _abort variant. Test this behavior with newly added -fsanitize-recover flag. llvm-svn: 169113
2012-12-03 03:47:29 +08:00
RECOVERABLE(vla_bound_not_positive, VLABoundData *Data, ValueHandle Bound)
-fcatch-undefined-behavior: handler for VLA bound which evaluates to a non-positive value. llvm-svn: 165582
2012-10-10 09:10:59 +08:00
[compiler-rt] Add SourceLocations for float_cast_overflow data. Summary: Compiler-rt part of http://reviews.llvm.org/D11757 I ended up making UBSan work with both the old version and the new version of the float_cast_overflow data (instead of just erroring with the previous version). The old version will try to symbolize its caller. Now we compile the float_cast_overflow tests without -g, and make sure we have the source file+line+column. If you think I'm trying too hard to make sure we can still use both versions, let me know. Reviewers: samsonov, rsmith Subscribers: llvm-commits Differential Revision: http://reviews.llvm.org/D11793 llvm-svn: 244567
2015-08-11 12:19:24 +08:00
// Keeping this around for binary compatibility with (sanitized) programs
// compiled with older compilers.
-fcatch-undefined-behavior: Runtime library support for trapping conversions to or from a floating-point type where the source value is not in the range of representable values of the destination type. llvm-svn: 165844
2012-10-13 06:57:15 +08:00
struct FloatCastOverflowData {
const TypeDescriptor &FromType;
const TypeDescriptor &ToType;
};
[compiler-rt] Add SourceLocations for float_cast_overflow data. Summary: Compiler-rt part of http://reviews.llvm.org/D11757 I ended up making UBSan work with both the old version and the new version of the float_cast_overflow data (instead of just erroring with the previous version). The old version will try to symbolize its caller. Now we compile the float_cast_overflow tests without -g, and make sure we have the source file+line+column. If you think I'm trying too hard to make sure we can still use both versions, let me know. Reviewers: samsonov, rsmith Subscribers: llvm-commits Differential Revision: http://reviews.llvm.org/D11793 llvm-svn: 244567
2015-08-11 12:19:24 +08:00
struct FloatCastOverflowDataV2 {
SourceLocation Loc;
const TypeDescriptor &FromType;
const TypeDescriptor &ToType;
};
/// Handle overflow in a conversion to or from a floating-point type.
/// void *Data is one of FloatCastOverflowData* or FloatCastOverflowDataV2*
RECOVERABLE(float_cast_overflow, void *Data, ValueHandle From)
-fcatch-undefined-behavior: Runtime library support for trapping conversions to or from a floating-point type where the source value is not in the range of representable values of the destination type. llvm-svn: 165844
2012-10-13 06:57:15 +08:00
ubsan: Add -fsanitize=bool and -fsanitize=enum, which check for loads of bit-patterns which are not valid values for enumerated or boolean types. These checks are the ubsan analogue of !range metadata. llvm-svn: 170107
2012-12-13 15:00:14 +08:00
struct InvalidValueData {
Make the InvalidValueData take a SourceLocation. llvm-svn: 191807
2013-10-02 10:29:47 +08:00
SourceLocation Loc;
ubsan: Add -fsanitize=bool and -fsanitize=enum, which check for loads of bit-patterns which are not valid values for enumerated or boolean types. These checks are the ubsan analogue of !range metadata. llvm-svn: 170107
2012-12-13 15:00:14 +08:00
const TypeDescriptor &Type;
};
/// \brief Handle a load of an invalid value for the type.
RECOVERABLE(load_invalid_value, InvalidValueData *Data, ValueHandle Val)
[compiler-rt][ubsan] Implicit Conversion Sanitizer - integer truncation - compiler-rt part Summary: This is a compiler-rt part. The clang part is D48958. See [[ https://bugs.llvm.org/show_bug.cgi?id=21530 | PR21530 ]], https://github.com/google/sanitizers/issues/940. Reviewers: #sanitizers, samsonov, vsk, rsmith, pcc, eugenis, kcc, filcab Reviewed By: #sanitizers, vsk, filcab Subscribers: llvm-commits, eugenis, filcab, kubamracek, dberris, #sanitizers, regehr Tags: #sanitizers Differential Revision: https://reviews.llvm.org/D48959 llvm-svn: 338287
2018-07-31 02:58:30 +08:00
/// Known implicit conversion check kinds.
/// Keep in sync with the enum of the same name in CGExprScalar.cpp
enum ImplicitConversionCheckKind : unsigned char {
[compiler-rt][ubsan] Split Implicit Integer Truncation Sanitizer into unsigned and signed checks Summary: This is compiler-rt part. clang part is D50901. Reviewers: rsmith, vsk, filcab, Sanitizers Reviewed by: filcab Differential Revision: https://reviews.llvm.org/D50902 llvm-svn: 344231
2018-10-11 17:09:52 +08:00
ICCK_IntegerTruncation = 0, // Legacy, was only used by clang 7.
ICCK_UnsignedIntegerTruncation = 1,
ICCK_SignedIntegerTruncation = 2,
[compiler-rt][ubsan] Implicit Conversion Sanitizer - integer sign change - compiler-rt part Summary: This is a compiler-rt part. The clang part is D50250. See [[ https://bugs.llvm.org/show_bug.cgi?id=21530 | PR21530 ]], https://github.com/google/sanitizers/issues/940. Reviewers: vsk, filcab, #sanitizers Reviewed By: filcab, #sanitizers Subscribers: mclow.lists, srhines, kubamracek, dberris, rjmccall, rsmith, llvm-commits, regehr Tags: #sanitizers Differential Revision: https://reviews.llvm.org/D50251 llvm-svn: 345659
2018-10-31 05:58:54 +08:00
ICCK_IntegerSignChange = 3,
ICCK_SignedIntegerTruncationOrSignChange = 4,
[compiler-rt][ubsan] Implicit Conversion Sanitizer - integer truncation - compiler-rt part Summary: This is a compiler-rt part. The clang part is D48958. See [[ https://bugs.llvm.org/show_bug.cgi?id=21530 | PR21530 ]], https://github.com/google/sanitizers/issues/940. Reviewers: #sanitizers, samsonov, vsk, rsmith, pcc, eugenis, kcc, filcab Reviewed By: #sanitizers, vsk, filcab Subscribers: llvm-commits, eugenis, filcab, kubamracek, dberris, #sanitizers, regehr Tags: #sanitizers Differential Revision: https://reviews.llvm.org/D48959 llvm-svn: 338287
2018-07-31 02:58:30 +08:00
};
struct ImplicitConversionData {
SourceLocation Loc;
const TypeDescriptor &FromType;
const TypeDescriptor &ToType;
/* ImplicitConversionCheckKind */ unsigned char Kind;
};
/// \brief Implict conversion that changed the value.
RECOVERABLE(implicit_conversion, ImplicitConversionData *Data, ValueHandle Src,
ValueHandle Dst)
[ubsan] Diagnose invalid uses of builtins (compiler-rt) Differential Revision: https://reviews.llvm.org/D34591 llvm-svn: 309461
2017-07-29 08:20:02 +08:00
/// Known builtin check kinds.
/// Keep in sync with the enum of the same name in CodeGenFunction.h
enum BuiltinCheckKind : unsigned char {
BCK_CTZPassedZero,
BCK_CLZPassedZero,
};
struct InvalidBuiltinData {
SourceLocation Loc;
unsigned char Kind;
};
/// Handle a builtin called in an invalid way.
RECOVERABLE(invalid_builtin, InvalidBuiltinData *Data)
[ubsan] Check implicit casts in ObjC for-in statements Check that the implicit cast from `id` used to construct the element variable in an ObjC for-in statement is valid. This check is included as part of a new `objc-cast` sanitizer, outside of the main 'undefined' group, as (IIUC) the behavior it's checking for is not technically UB. The check can be extended to cover other kinds of invalid casts in ObjC. Partially addresses: rdar://12903059, rdar://9542496 Differential Revision: https://reviews.llvm.org/D71491
2019-12-14 04:59:40 +08:00
struct InvalidObjCCast {
SourceLocation Loc;
const TypeDescriptor &ExpectedType;
};
/// Handle an invalid ObjC cast.
RECOVERABLE(invalid_objc_cast, InvalidObjCCast *Data, ValueHandle Pointer)
[UBSan] Add returns-nonnull sanitizer. Summary: This patch adds a runtime check verifying that functions annotated with "returns_nonnull" attribute do in fact return nonnull pointers. It is based on suggestion by Jakub Jelinek: http://lists.cs.uiuc.edu/pipermail/llvm-commits/Week-of-Mon-20140623/223693.html. Test Plan: regression test suite Reviewers: rsmith Reviewed By: rsmith Subscribers: cfe-commits Differential Revision: http://reviews.llvm.org/D4849 llvm-svn: 215485
2014-08-13 08:26:40 +08:00
struct NonNullReturnData {
Report source location of returns_nonnull attribute in UBSan reports. llvm-svn: 217400
2014-09-09 04:17:19 +08:00
SourceLocation AttrLoc;
[UBSan] Add returns-nonnull sanitizer. Summary: This patch adds a runtime check verifying that functions annotated with "returns_nonnull" attribute do in fact return nonnull pointers. It is based on suggestion by Jakub Jelinek: http://lists.cs.uiuc.edu/pipermail/llvm-commits/Week-of-Mon-20140623/223693.html. Test Plan: regression test suite Reviewers: rsmith Reviewed By: rsmith Subscribers: cfe-commits Differential Revision: http://reviews.llvm.org/D4849 llvm-svn: 215485
2014-08-13 08:26:40 +08:00
};
[ubsan] Add diagnostic handlers for nullability errors Add 'nullability_arg' and 'nullability_return' diagnostic handlers, and also add a TypeCheckKind for null assignments to _Nonnull. With this in place, we can update clang to use the nicer handlers for nullability diagnostics. The alternative to this approach is to update the existing 'nonnull_arg' and 'nonnull_return' handlers to accept a boolean parameter. However, versioning the existing handlers would cause code size bloat, and the complexity cost of introducing new handlers into the runtime is low. I will add tests for this, and all of -fsanitize=nullability, into check-ubsan once the clang side of the changes is in. llvm-svn: 297748
2017-03-15 00:32:27 +08:00
/// \brief Handle returning null from function with the returns_nonnull
/// attribute, or a return type annotated with _Nonnull.
[ubsan] Improve diagnostics for return value checks (compiler-rt) Differential Revision: https://reviews.llvm.org/D34298 llvm-svn: 306164
2017-06-24 05:32:48 +08:00
RECOVERABLE(nonnull_return_v1, NonNullReturnData *Data, SourceLocation *Loc)
RECOVERABLE(nullability_return_v1, NonNullReturnData *Data, SourceLocation *Loc)
[UBSan] Add returns-nonnull sanitizer. Summary: This patch adds a runtime check verifying that functions annotated with "returns_nonnull" attribute do in fact return nonnull pointers. It is based on suggestion by Jakub Jelinek: http://lists.cs.uiuc.edu/pipermail/llvm-commits/Week-of-Mon-20140623/223693.html. Test Plan: regression test suite Reviewers: rsmith Reviewed By: rsmith Subscribers: cfe-commits Differential Revision: http://reviews.llvm.org/D4849 llvm-svn: 215485
2014-08-13 08:26:40 +08:00
Implement nonnull-attribute sanitizer Summary: This patch implements a new UBSan check, which verifies that function arguments declared to be nonnull with __attribute__((nonnull)) are actually nonnull in runtime. To implement this check, we pass FunctionDecl to CodeGenFunction::EmitCallArgs (where applicable) and if function declaration has nonnull attribute specified for a certain formal parameter, we compare the corresponding RValue to null as soon as it's calculated. Test Plan: regression test suite Reviewers: rsmith Reviewed By: rsmith Subscribers: cfe-commits, rnk Differential Revision: http://reviews.llvm.org/D5082 llvm-svn: 217389
2014-09-09 01:22:45 +08:00
struct NonNullArgData {
SourceLocation Loc;
SourceLocation AttrLoc;
int ArgIndex;
};
[ubsan] Add diagnostic handlers for nullability errors Add 'nullability_arg' and 'nullability_return' diagnostic handlers, and also add a TypeCheckKind for null assignments to _Nonnull. With this in place, we can update clang to use the nicer handlers for nullability diagnostics. The alternative to this approach is to update the existing 'nonnull_arg' and 'nonnull_return' handlers to accept a boolean parameter. However, versioning the existing handlers would cause code size bloat, and the complexity cost of introducing new handlers into the runtime is low. I will add tests for this, and all of -fsanitize=nullability, into check-ubsan once the clang side of the changes is in. llvm-svn: 297748
2017-03-15 00:32:27 +08:00
/// \brief Handle passing null pointer to a function parameter with the nonnull
/// attribute, or a _Nonnull type annotation.
Remove extra semicolon [-Wpedantic] llvm-svn: 217407
2014-09-09 07:37:09 +08:00
RECOVERABLE(nonnull_arg, NonNullArgData *Data)
[ubsan] Add diagnostic handlers for nullability errors Add 'nullability_arg' and 'nullability_return' diagnostic handlers, and also add a TypeCheckKind for null assignments to _Nonnull. With this in place, we can update clang to use the nicer handlers for nullability diagnostics. The alternative to this approach is to update the existing 'nonnull_arg' and 'nonnull_return' handlers to accept a boolean parameter. However, versioning the existing handlers would cause code size bloat, and the complexity cost of introducing new handlers into the runtime is low. I will add tests for this, and all of -fsanitize=nullability, into check-ubsan once the clang side of the changes is in. llvm-svn: 297748
2017-03-15 00:32:27 +08:00
RECOVERABLE(nullability_arg, NonNullArgData *Data)
Implement nonnull-attribute sanitizer Summary: This patch implements a new UBSan check, which verifies that function arguments declared to be nonnull with __attribute__((nonnull)) are actually nonnull in runtime. To implement this check, we pass FunctionDecl to CodeGenFunction::EmitCallArgs (where applicable) and if function declaration has nonnull attribute specified for a certain formal parameter, we compare the corresponding RValue to null as soon as it's calculated. Test Plan: regression test suite Reviewers: rsmith Reviewed By: rsmith Subscribers: cfe-commits, rnk Differential Revision: http://reviews.llvm.org/D5082 llvm-svn: 217389
2014-09-09 01:22:45 +08:00
[ubsan] Runtime support for pointer overflow checking Patch by John Regehr and Will Dietz! Differential Revision: https://reviews.llvm.org/D20323 llvm-svn: 304461
2017-06-02 03:40:59 +08:00
struct PointerOverflowData {
SourceLocation Loc;
};
RECOVERABLE(pointer_overflow, PointerOverflowData *Data, ValueHandle Base,
ValueHandle Result)
[cfi] Cross-DSO CFI diagnostic mode (compiler-rt part) * add __cfi_slowpath_diag with a 3rd parameter which is a pointer to the diagnostic info for the ubsan handlers. *__cfi_check gets a 3rd parameter as well. * unify vcall/cast/etc and icall diagnostic info format, and merge the handlers to have a single entry point (actually two points due to abort/noabort variants). * tests Note that this comes with a tiny overhead in the non-diag mode: cfi_slowpath must pass 0 as the 3rd argument to cfi_check. llvm-svn: 258744
2016-01-26 07:34:38 +08:00
/// \brief Known CFI check kinds.
/// Keep in sync with the enum of the same name in CodeGenFunction.h
enum CFITypeCheckKind : unsigned char {
CFITCK_VCall,
CFITCK_NVCall,
CFITCK_DerivedCast,
CFITCK_UnrelatedCast,
CFITCK_ICall,
Implement CFI for indirect calls via a member function pointer. Similarly to CFI on virtual and indirect calls, this implementation tries to use program type information to make the checks as precise as possible. The basic way that it works is as follows, where `C` is the name of the class being defined or the target of a call and the function type is assumed to be `void()`. For virtual calls: - Attach type metadata to the addresses of function pointers in vtables (not the functions themselves) of type `void (B::*)()` for each `B` that is a recursive dynamic base class of `C`, including `C` itself. This type metadata has an annotation that the type is for virtual calls (to distinguish it from the non-virtual case). - At the call site, check that the computed address of the function pointer in the vtable has type `void (C::*)()`. For non-virtual calls: - Attach type metadata to each non-virtual member function whose address can be taken with a member function pointer. The type of a function in class `C` of type `void()` is each of the types `void (B::*)()` where `B` is a most-base class of `C`. A most-base class of `C` is defined as a recursive base class of `C`, including `C` itself, that does not have any bases. - At the call site, check that the function pointer has one of the types `void (B::*)()` where `B` is a most-base class of `C`. Differential Revision: https://reviews.llvm.org/D47567 llvm-svn: 335569
2018-06-26 10:15:47 +08:00
CFITCK_NVMFCall,
CFITCK_VMFCall,
[cfi] Cross-DSO CFI diagnostic mode (compiler-rt part) * add __cfi_slowpath_diag with a 3rd parameter which is a pointer to the diagnostic info for the ubsan handlers. *__cfi_check gets a 3rd parameter as well. * unify vcall/cast/etc and icall diagnostic info format, and merge the handlers to have a single entry point (actually two points due to abort/noabort variants). * tests Note that this comes with a tiny overhead in the non-diag mode: cfi_slowpath must pass 0 as the 3rd argument to cfi_check. llvm-svn: 258744
2016-01-26 07:34:38 +08:00
};
struct CFICheckFailData {
CFITypeCheckKind CheckKind;
CFI: Add diagnostic handler and tests for indirect call checker. Differential Revision: http://reviews.llvm.org/D11858 llvm-svn: 247239
2015-09-10 10:18:02 +08:00
SourceLocation Loc;
const TypeDescriptor &Type;
};
[cfi] Cross-DSO CFI diagnostic mode (compiler-rt part) * add __cfi_slowpath_diag with a 3rd parameter which is a pointer to the diagnostic info for the ubsan handlers. *__cfi_check gets a 3rd parameter as well. * unify vcall/cast/etc and icall diagnostic info format, and merge the handlers to have a single entry point (actually two points due to abort/noabort variants). * tests Note that this comes with a tiny overhead in the non-diag mode: cfi_slowpath must pass 0 as the 3rd argument to cfi_check. llvm-svn: 258744
2016-01-26 07:34:38 +08:00
/// \brief Handle control flow integrity failures.
[cfi] Safe handling of unaddressable vtable pointers (compiler-rt). Avoid crashing when printing diagnostics for vtable-related CFI errors. In diagnostic mode, the frontend does an additional check of the vtable pointer against the set of all known vtable addresses and lets the runtime handler know if it is safe to inspect the vtable. http://reviews.llvm.org/D16824 llvm-svn: 259717
2016-02-04 06:19:04 +08:00
RECOVERABLE(cfi_check_fail, CFICheckFailData *Data, ValueHandle Function,
uptr VtableIsValid)
ubsan: Unbreak ubsan_cxx runtime library on Windows. This was originally broken by r258744 which introduced a weak reference from ubsan to ubsan_cxx. This reference does not work directly on Windows because COFF has no direct concept of weak symbols. The fix is to use /alternatename to create a weak external reference to ubsan_cxx. Also fix the definition (and the name, so that we drop cached values) of the cmake flag that controls whether to build ubsan_cxx. Now the user-controllable flag is always on, and we turn it off internally depending on whether we support building it. Differential Revision: https://reviews.llvm.org/D37882 llvm-svn: 313391
2017-09-16 04:24:12 +08:00
struct ReportOptions;
extern "C" SANITIZER_INTERFACE_ATTRIBUTE void __ubsan_handle_cfi_bad_type(
CFICheckFailData *Data, ValueHandle Vtable, bool ValidVtable,
ReportOptions Opts);
Add a runtime diagnostics library for Clang's -fcatch-undefined-behavior. llvm-svn: 165533
2012-10-10 03:34:32 +08:00
}
#endif // UBSAN_HANDLERS_H