[ubsan] Implement the -fcatch-undefined-behavior flag using a trapping

implementation; this is much more inline with the original implementation
(i.e., pre-ubsan) and does not require run-time library support.

The trapping implementation can be invoked using either '-fcatch-undefined-behavior'
or '-fsanitize=undefined-trap -fsanitize-undefined-trap-on-error', with the latter
being preferred.  Eventually, the -fcatch-undefined-behavior' flag will be removed.

llvm-svn: 173848

clang/docs/UsersManual.rst

@@ -867,6 +867,14 @@ are listed below.
       includes all of the checks listed below other than
       ``unsigned-integer-overflow``.
 
+      ``-fsanitize=undefined-trap``: This includes all sanitizers
+      included by ``-fsanitize=undefined``, except those that require
+      runtime support.  This group of sanitizers are generally used
+      in conjunction with the ``-fsanitize-undefined-trap-on-error``
+      flag, which causes traps to be emitted, rather than calls to
+      runtime libraries. This includes all of the checks listed below
+      other than ``unsigned-integer-overflow`` and ``vptr``.
+
    The following more fine-grained checks are also available:
 
    -  ``-fsanitize=alignment``: Use of a misaligned pointer or creation

clang/include/clang/Basic/Sanitizers.def

@@ -74,15 +74,24 @@ SANITIZER("vptr", Vptr)
 // IntegerSanitizer
 SANITIZER("unsigned-integer-overflow", UnsignedIntegerOverflow)
 
-// -fsanitize=undefined (and its alias -fcatch-undefined-behavior). This should
+// -fsanitize=undefined includes all the sanitizers which have low overhead, no
-// include all the sanitizers which have low overhead, no ABI or address space
+// ABI or address space layout implications, and only catch undefined behavior.
-// layout implications, and only catch undefined behavior.
 SANITIZER_GROUP("undefined", Undefined,
                 Alignment | Bool | Bounds | Enum | FloatCastOverflow |
                 FloatDivideByZero | IntegerDivideByZero | Null | ObjectSize |
                 Return | Shift | SignedIntegerOverflow | Unreachable |
                 VLABound | Vptr)
 
+// -fsanitize=undefined-trap (and its alias -fcatch-undefined-behavior) includes
+// all sanitizers included by -fsanitize=undefined, except those that require
+// runtime support.  This group is generally used in conjunction with the
+// -fsanitize-undefined-trap-on-error flag.
+SANITIZER_GROUP("undefined-trap", UndefinedTrap,
+                Alignment | Bool | Bounds | Enum | FloatCastOverflow |
+                FloatDivideByZero | IntegerDivideByZero | Null | ObjectSize |
+                Return | Shift | SignedIntegerOverflow | Unreachable |
+                VLABound)
+
 SANITIZER_GROUP("integer", Integer,
                 SignedIntegerOverflow | UnsignedIntegerOverflow | Shift |
                 IntegerDivideByZero)

clang/include/clang/Driver/Options.td

@@ -414,6 +414,10 @@ def fsanitize_recover : Flag<["-"], "fsanitize-recover">,
 def fno_sanitize_recover : Flag<["-"], "fno-sanitize-recover">,
                            Group<f_clang_Group>, Flags<[CC1Option]>,
                            HelpText<"Disable sanitizer check recovery">;
+def fsanitize_undefined_trap_on_error : Flag<["-"], "fsanitize-undefined-trap-on-error">,
+                                        Group<f_clang_Group>, Flags<[CC1Option]>;
+def fno_sanitize_undefined_trap_on_error : Flag<["-"], "fno-sanitize-undefined-trap-on-error">,
+                                           Group<f_clang_Group>;
 def funsafe_math_optimizations : Flag<["-"], "funsafe-math-optimizations">,
   Group<f_Group>;
 def fno_unsafe_math_optimizations : Flag<["-"], "fno-unsafe-math-optimizations">,

clang/include/clang/Frontend/CodeGenOptions.def

@@ -87,6 +87,8 @@ CODEGENOPT(SanitizeAddressZeroBaseShadow , 1, 0) ///< Map shadow memory at zero
                                                  ///< offset in AddressSanitizer.
 CODEGENOPT(SanitizeMemoryTrackOrigins, 1, 0) ///< Enable tracking origins in
                                              ///< MemorySanitizer
+CODEGENOPT(SanitizeUndefinedTrapOnError, 1, 0) ///< Set on
+                                               /// -fsanitize-undefined-trap-on-error
 CODEGENOPT(SimplifyLibCalls  , 1, 1) ///< Set when -fbuiltin is enabled.
 CODEGENOPT(SoftFloat         , 1, 0) ///< -soft-float.
 CODEGENOPT(StrictEnums       , 1, 0) ///< Optimize based on strict enum definition.

clang/lib/CodeGen/CGExpr.cpp

@@ -1975,6 +1975,13 @@ void CodeGenFunction::EmitCheck(llvm::Value *Checked, StringRef CheckName,
                                 ArrayRef<llvm::Value *> DynamicArgs,
                                 CheckRecoverableKind RecoverKind) {
   assert(SanOpts != &SanitizerOptions::Disabled);
+
+  if (CGM.getCodeGenOpts().SanitizeUndefinedTrapOnError) {
+    assert (RecoverKind != CRK_AlwaysRecoverable &&
+            "Runtime call required for AlwaysRecoverable kind!");
+    return EmitTrapCheck(Checked);
+  }
+
   llvm::BasicBlock *Cont = createBasicBlock("cont");
 
   llvm::BasicBlock *Handler = createBasicBlock("handler." + CheckName);
@@ -2043,7 +2050,7 @@ void CodeGenFunction::EmitCheck(llvm::Value *Checked, StringRef CheckName,
   EmitBlock(Cont);
 }
 
-void CodeGenFunction::EmitTrapvCheck(llvm::Value *Checked) {
+void CodeGenFunction::EmitTrapCheck(llvm::Value *Checked) {
   llvm::BasicBlock *Cont = createBasicBlock("cont");
 
   // If we're optimizing, collapse all calls to trap down to just one per

clang/lib/CodeGen/CGExprScalar.cpp

@@ -2044,7 +2044,7 @@ Value *ScalarExprEmitter::EmitOverflowCheckedBinOp(const BinOpInfo &Ops) {
     if (!isSigned || CGF.SanOpts->SignedIntegerOverflow)
       EmitBinOpCheck(Builder.CreateNot(overflow), Ops);
     else
-      CGF.EmitTrapvCheck(Builder.CreateNot(overflow));
+      CGF.EmitTrapCheck(Builder.CreateNot(overflow));
     return result;
   }
 

clang/lib/CodeGen/CodeGenFunction.h

@@ -2606,7 +2606,7 @@ public:
 
   /// \brief Create a basic block that will call the trap intrinsic, and emit a
   /// conditional branch to it, for the -ftrapv checks.
-  void EmitTrapvCheck(llvm::Value *Checked);
+  void EmitTrapCheck(llvm::Value *Checked);
 
   /// EmitCallArg - Emit a single call argument.
   void EmitCallArg(CallArgList &args, const Expr *E, QualType ArgType);

clang/lib/Driver/SanitizerArgs.h

@@ -36,25 +36,32 @@ class SanitizerArgs {
     NeedsAsanRt = Address,
     NeedsTsanRt = Thread,
     NeedsMsanRt = Memory,
-    NeedsUbsanRt = (Undefined & ~Bounds) | Integer
+    NeedsUbsanRt = (Undefined & ~Bounds) | Integer,
+    NotAllowedWithTrap = Vptr
   };
   unsigned Kind;
   std::string BlacklistFile;
   bool MsanTrackOrigins;
   bool AsanZeroBaseShadow;
+  bool UbsanTrapOnError;
 
  public:
   SanitizerArgs() : Kind(0), BlacklistFile(""), MsanTrackOrigins(false),
-                    AsanZeroBaseShadow(false) {}
+                    AsanZeroBaseShadow(false), UbsanTrapOnError(false) {}
   /// Parses the sanitizer arguments from an argument list.
   SanitizerArgs(const Driver &D, const ArgList &Args);
 
   bool needsAsanRt() const { return Kind & NeedsAsanRt; }
   bool needsTsanRt() const { return Kind & NeedsTsanRt; }
   bool needsMsanRt() const { return Kind & NeedsMsanRt; }
-  bool needsUbsanRt() const { return Kind & NeedsUbsanRt; }
+  bool needsUbsanRt() const {
+    if (UbsanTrapOnError)
+      return false;
+    return Kind & NeedsUbsanRt;
+  }
 
   bool sanitizesVptr() const { return Kind & Vptr; }
+  bool notAllowedWithTrap() const { return Kind & NotAllowedWithTrap; }
 
   void addArgs(const ArgList &Args, ArgStringList &CmdArgs) const {
     if (!Kind)
@@ -127,8 +134,9 @@ class SanitizerArgs {
       Remove = Thread;
       DeprecatedReplacement = "-fno-sanitize=thread";
     } else if (A->getOption().matches(options::OPT_fcatch_undefined_behavior)) {
-      Add = Undefined;
+      Add = UndefinedTrap;
-      DeprecatedReplacement = "-fsanitize=undefined";
+      DeprecatedReplacement = 
+        "-fsanitize=undefined-trap -fsanitize-undefined-trap-on-error";
     } else if (A->getOption().matches(options::OPT_fbounds_checking) ||
                A->getOption().matches(options::OPT_fbounds_checking_EQ)) {
       Add = Bounds;

clang/lib/Driver/Tools.cpp

@@ -1459,6 +1459,33 @@ SanitizerArgs::SanitizerArgs(const Driver &D, const ArgList &Args)
     AllKinds |= Add;
   }
 
+  UbsanTrapOnError =
+    Args.hasArg(options::OPT_fcatch_undefined_behavior) ||
+    Args.hasFlag(options::OPT_fsanitize_undefined_trap_on_error,
+                 options::OPT_fno_sanitize_undefined_trap_on_error, false);
+
+  if (Args.hasArg(options::OPT_fcatch_undefined_behavior) &&
+      !Args.hasFlag(options::OPT_fsanitize_undefined_trap_on_error,
+                    options::OPT_fno_sanitize_undefined_trap_on_error, true)) {
+    D.Diag(diag::err_drv_argument_not_allowed_with)
+      << "-fcatch-undefined-behavior"
+      << "-fno-sanitize-undefined-trap-on-error";
+  }
+
+  // Warn about undefined sanitizer options that require runtime support.
+  if (UbsanTrapOnError && notAllowedWithTrap()) {
+    if (Args.hasArg(options::OPT_fcatch_undefined_behavior))
+      D.Diag(diag::err_drv_argument_not_allowed_with)
+        << lastArgumentForKind(D, Args, NotAllowedWithTrap)
+        << "-fcatch-undefined-behavior";
+    else if (Args.hasFlag(options::OPT_fsanitize_undefined_trap_on_error,
+                          options::OPT_fno_sanitize_undefined_trap_on_error,
+                          false))
+      D.Diag(diag::err_drv_argument_not_allowed_with)
+        << lastArgumentForKind(D, Args, NotAllowedWithTrap)
+        << "-fsanitize-undefined-trap-on-error";
+  }
+
   // Only one runtime library can be used at once.
   bool NeedsAsan = needsAsanRt();
   bool NeedsTsan = needsTsanRt();
@@ -2501,6 +2528,11 @@ void Clang::ConstructJob(Compilation &C, const JobAction &JA,
                     true))
     CmdArgs.push_back("-fno-sanitize-recover");
 
+  if (Args.hasArg(options::OPT_fcatch_undefined_behavior) ||
+      Args.hasFlag(options::OPT_fsanitize_undefined_trap_on_error,
+                   options::OPT_fno_sanitize_undefined_trap_on_error, false))
+    CmdArgs.push_back("-fsanitize-undefined-trap-on-error");
+
   // Report and error for -faltivec on anything other then PowerPC.
   if (const Arg *A = Args.getLastArg(options::OPT_faltivec))
     if (!(getToolChain().getTriple().getArch() == llvm::Triple::ppc ||

clang/lib/Frontend/CompilerInvocation.cpp

@@ -392,6 +392,8 @@ static bool ParseCodeGenArgs(CodeGenOptions &Opts, ArgList &Args, InputKind IK,
     Args.hasArg(OPT_fsanitize_memory_track_origins);
   Opts.SanitizeAddressZeroBaseShadow =
     Args.hasArg(OPT_fsanitize_address_zero_base_shadow);
+  Opts.SanitizeUndefinedTrapOnError =
+    Args.hasArg(OPT_fsanitize_undefined_trap_on_error);
   Opts.SSPBufferSize =
     Args.getLastArgIntValue(OPT_stack_protector_buffer_size, 8, Diags);
   Opts.StackRealignment = Args.hasArg(OPT_mstackrealign);

clang/test/CodeGen/catch-undef-behavior.c

@@ -1,4 +1,5 @@
 // RUN: %clang_cc1 -fsanitize=alignment,null,object-size,shift,return,signed-integer-overflow,vla-bound,float-cast-overflow,integer-divide-by-zero,bool -emit-llvm %s -o - -triple x86_64-linux-gnu | FileCheck %s
+// RUN: %clang_cc1 -fsanitize-undefined-trap-on-error -fsanitize=alignment,null,object-size,shift,return,signed-integer-overflow,vla-bound,float-cast-overflow,integer-divide-by-zero,bool -emit-llvm %s -o - -triple x86_64-linux-gnu | FileCheck %s --check-prefix=CHECK-TRAP
 // RUN: %clang_cc1 -fsanitize=null -emit-llvm %s -o - -triple x86_64-linux-gnu | FileCheck %s --check-prefix=CHECK-NULL
 // RUN: %clang_cc1 -fsanitize=signed-integer-overflow -emit-llvm %s -o - -triple x86_64-linux-gnu | FileCheck %s --check-prefix=CHECK-OVERFLOW
 
@@ -24,25 +25,42 @@
 // PR6805
 // CHECK: @foo
 // CHECK-NULL: @foo
+// CHECK-TRAP: @foo
 void foo() {
   union { int i; } u;
   // CHECK:      %[[CHECK0:.*]] = icmp ne {{.*}}* %[[PTR:.*]], null
+  // CHECK-TRAP: %[[CHECK0:.*]] = icmp ne {{.*}}* %[[PTR:.*]], null
 
   // CHECK:      %[[I8PTR:.*]] = bitcast i32* %[[PTR]] to i8*
   // CHECK-NEXT: %[[SIZE:.*]] = call i64 @llvm.objectsize.i64(i8* %[[I8PTR]], i1 false)
   // CHECK-NEXT: %[[CHECK1:.*]] = icmp uge i64 %[[SIZE]], 4
   // CHECK-NEXT: %[[CHECK01:.*]] = and i1 %[[CHECK0]], %[[CHECK1]]
 
+  // CHECK-TRAP:      %[[I8PTR:.*]] = bitcast i32* %[[PTR]] to i8*
+  // CHECK-TRAP-NEXT: %[[SIZE:.*]] = call i64 @llvm.objectsize.i64(i8* %[[I8PTR]], i1 false)
+  // CHECK-TRAP-NEXT: %[[CHECK1:.*]] = icmp uge i64 %[[SIZE]], 4
+  // CHECK-TRAP-NEXT: %[[CHECK01:.*]] = and i1 %[[CHECK0]], %[[CHECK1]]
+
   // CHECK:      %[[PTRTOINT:.*]] = ptrtoint {{.*}}* %[[PTR]] to i64
   // CHECK-NEXT: %[[MISALIGN:.*]] = and i64 %[[PTRTOINT]], 3
   // CHECK-NEXT: %[[CHECK2:.*]] = icmp eq i64 %[[MISALIGN]], 0
 
+  // CHECK-TRAP:      %[[PTRTOINT:.*]] = ptrtoint {{.*}}* %[[PTR]] to i64
+  // CHECK-TRAP-NEXT: %[[MISALIGN:.*]] = and i64 %[[PTRTOINT]], 3
+  // CHECK-TRAP-NEXT: %[[CHECK2:.*]] = icmp eq i64 %[[MISALIGN]], 0
+
   // CHECK:      %[[OK:.*]] = and i1 %[[CHECK01]], %[[CHECK2]]
   // CHECK-NEXT: br i1 %[[OK]], {{.*}} !prof ![[WEIGHT_MD:.*]]
 
+  // CHECK-TRAP:      %[[OK:.*]] = and i1 %[[CHECK01]], %[[CHECK2]]
+  // CHECK-TRAP-NEXT: br i1 %[[OK]], {{.*}}
+
   // CHECK:      %[[ARG:.*]] = ptrtoint {{.*}} %[[PTR]] to i64
   // CHECK-NEXT: call void @__ubsan_handle_type_mismatch(i8* bitcast ({{.*}} @[[LINE_100]] to i8*), i64 %[[ARG]])
 
+  // CHECK-TRAP:      call void @llvm.trap() noreturn nounwind
+  // CHECK-TRAP-NEXT: unreachable
+
   // With -fsanitize=null, only perform the null check.
   // CHECK-NULL: %[[NULL:.*]] = icmp ne {{.*}}, null
   // CHECK-NULL: br i1 %[[NULL]]
@@ -52,16 +70,28 @@ void foo() {
 }
 
 // CHECK: @bar
+// CHECK-TRAP: @bar
 int bar(int *a) {
   // CHECK:      %[[SIZE:.*]] = call i64 @llvm.objectsize.i64
   // CHECK-NEXT: icmp uge i64 %[[SIZE]], 4
 
+  // CHECK-TRAP:      %[[SIZE:.*]] = call i64 @llvm.objectsize.i64
+  // CHECK-TRAP-NEXT: icmp uge i64 %[[SIZE]], 4
+
   // CHECK:      %[[PTRINT:.*]] = ptrtoint
   // CHECK-NEXT: %[[MISALIGN:.*]] = and i64 %[[PTRINT]], 3
   // CHECK-NEXT: icmp eq i64 %[[MISALIGN]], 0
 
+  // CHECK-TRAP:      %[[PTRINT:.*]] = ptrtoint
+  // CHECK-TRAP-NEXT: %[[MISALIGN:.*]] = and i64 %[[PTRINT]], 3
+  // CHECK-TRAP-NEXT: icmp eq i64 %[[MISALIGN]], 0
+
   // CHECK:      %[[ARG:.*]] = ptrtoint
   // CHECK-NEXT: call void @__ubsan_handle_type_mismatch(i8* bitcast ({{.*}} @[[LINE_200]] to i8*), i64 %[[ARG]])
+
+  // CHECK-TRAP:      call void @llvm.trap() noreturn nounwind
+  // CHECK-TRAP-NEXT: unreachable
+
 #line 200
   return *a;
 }
@@ -73,55 +103,91 @@ int addr_space(int __attribute__((address_space(256))) *a) {
 }
 
 // CHECK: @lsh_overflow
+// CHECK-TRAP: @lsh_overflow
 int lsh_overflow(int a, int b) {
   // CHECK:      %[[INBOUNDS:.*]] = icmp ule i32 %[[RHS:.*]], 31
   // CHECK-NEXT: br i1 %[[INBOUNDS]]
 
+  // CHECK-TRAP:      %[[INBOUNDS:.*]] = icmp ule i32 %[[RHS:.*]], 31
+  // CHECK-TRAP-NEXT: br i1 %[[INBOUNDS]]
+
   // FIXME: Only emit one trap block here.
   // CHECK:      %[[ARG1:.*]] = zext
   // CHECK-NEXT: %[[ARG2:.*]] = zext
   // CHECK-NEXT: call void @__ubsan_handle_shift_out_of_bounds(i8* bitcast ({{.*}} @[[LINE_300_A]] to i8*), i64 %[[ARG1]], i64 %[[ARG2]])
 
+  // CHECK-TRAP:      call void @llvm.trap() noreturn nounwind
+  // CHECK-TRAP-NEXT: unreachable
+
   // CHECK:      %[[SHIFTED_OUT_WIDTH:.*]] = sub nuw nsw i32 31, %[[RHS]]
   // CHECK-NEXT: %[[SHIFTED_OUT:.*]] = lshr i32 %[[LHS:.*]], %[[SHIFTED_OUT_WIDTH]]
   // CHECK-NEXT: %[[NO_OVERFLOW:.*]] = icmp eq i32 %[[SHIFTED_OUT]], 0
   // CHECK-NEXT: br i1 %[[NO_OVERFLOW]], {{.*}} !prof ![[WEIGHT_MD]]
 
+  // CHECK-TRAP:      %[[SHIFTED_OUT_WIDTH:.*]] = sub nuw nsw i32 31, %[[RHS]]
+  // CHECK-TRAP-NEXT: %[[SHIFTED_OUT:.*]] = lshr i32 %[[LHS:.*]], %[[SHIFTED_OUT_WIDTH]]
+  // CHECK-TRAP-NEXT: %[[NO_OVERFLOW:.*]] = icmp eq i32 %[[SHIFTED_OUT]], 0
+  // CHECK-TRAP-NEXT: br i1 %[[NO_OVERFLOW]]
+
   // CHECK:      %[[ARG1:.*]] = zext
   // CHECK-NEXT: %[[ARG2:.*]] = zext
   // CHECK-NEXT: call void @__ubsan_handle_shift_out_of_bounds(i8* bitcast ({{.*}} @[[LINE_300_B]] to i8*), i64 %[[ARG1]], i64 %[[ARG2]])
 
+  // CHECK-TRAP:      call void @llvm.trap() noreturn nounwind
+  // CHECK-TRAP-NEXT: unreachable
+
   // CHECK:      %[[RET:.*]] = shl i32 %[[LHS]], %[[RHS]]
   // CHECK-NEXT: ret i32 %[[RET]]
+
+  // CHECK-TRAP:      %[[RET:.*]] = shl i32 %[[LHS]], %[[RHS]]
+  // CHECK-TRAP-NEXT: ret i32 %[[RET]]
 #line 300
   return a << b;
 }
 
 // CHECK: @rsh_inbounds
+// CHECK-TRAP: @rsh_inbounds
 int rsh_inbounds(int a, int b) {
   // CHECK:      %[[INBOUNDS:.*]] = icmp ule i32 %[[RHS:.*]], 31
   // CHECK:      br i1 %[[INBOUNDS]]
 
+  // CHECK-TRAP: %[[INBOUNDS:.*]] = icmp ule i32 %[[RHS:.*]], 31
+  // CHECK-TRAP: br i1 %[[INBOUNDS]]
+
   // CHECK:      %[[ARG1:.*]] = zext
   // CHECK-NEXT: %[[ARG2:.*]] = zext
   // CHECK-NEXT: call void @__ubsan_handle_shift_out_of_bounds(i8* bitcast ({{.*}} @[[LINE_400]] to i8*), i64 %[[ARG1]], i64 %[[ARG2]])
 
+  // CHECK-TRAP:      call void @llvm.trap() noreturn nounwind
+  // CHECK-TRAP-NEXT: unreachable
+
   // CHECK:      %[[RET:.*]] = ashr i32 %[[LHS]], %[[RHS]]
   // CHECK-NEXT: ret i32 %[[RET]]
+
+  // CHECK-TRAP:      %[[RET:.*]] = ashr i32 %[[LHS]], %[[RHS]]
+  // CHECK-TRAP-NEXT: ret i32 %[[RET]]
 #line 400
   return a >> b;
 }
 
 // CHECK: @load
+// CHECK-TRAP: @load
 int load(int *p) {
   // CHECK: call void @__ubsan_handle_type_mismatch(i8* bitcast ({{.*}} @[[LINE_500]] to i8*), i64 %{{.*}})
+
+  // CHECK-TRAP:      call void @llvm.trap() noreturn nounwind
+  // CHECK-TRAP-NEXT: unreachable
 #line 500
   return *p;
 }
 
 // CHECK: @store
+// CHECK-TRAP: @store
 void store(int *p, int q) {
   // CHECK: call void @__ubsan_handle_type_mismatch(i8* bitcast ({{.*}} @[[LINE_600]] to i8*), i64 %{{.*}})
+
+  // CHECK-TRAP:      call void @llvm.trap() noreturn nounwind
+  // CHECK-TRAP-NEXT: unreachable
 #line 600
   *p = q;
 }
@@ -129,22 +195,31 @@ void store(int *p, int q) {
 struct S { int k; };
 
 // CHECK: @member_access
+// CHECK-TRAP: @member_access
 int *member_access(struct S *p) {
   // CHECK: call void @__ubsan_handle_type_mismatch(i8* bitcast ({{.*}} @[[LINE_700]] to i8*), i64 %{{.*}})
+
+  // CHECK-TRAP:      call void @llvm.trap() noreturn nounwind
+  // CHECK-TRAP-NEXT: unreachable
 #line 700
   return &p->k;
 }
 
 // CHECK: @signed_overflow
+// CHECK-TRAP: @signed_overflow
 int signed_overflow(int a, int b) {
   // CHECK:      %[[ARG1:.*]] = zext
   // CHECK-NEXT: %[[ARG2:.*]] = zext
   // CHECK-NEXT: call void @__ubsan_handle_add_overflow(i8* bitcast ({{.*}} @[[LINE_800]] to i8*), i64 %[[ARG1]], i64 %[[ARG2]])
+
+  // CHECK-TRAP:      call void @llvm.trap() noreturn nounwind
+  // CHECK-TRAP-NEXT: unreachable
 #line 800
   return a + b;
 }
 
 // CHECK: @no_return
+// CHECK-TRAP: @no_return
 int no_return() {
   // Reaching the end of a noreturn function is fine in C.
   // FIXME: If the user explicitly requests -fsanitize=return, we should catch
@@ -152,6 +227,10 @@ int no_return() {
   // CHECK-NOT: call
   // CHECK-NOT: unreachable
   // CHECK: ret i32
+
+  // CHECK-TRAP-NOT: call
+  // CHECK-TRAP-NOT: unreachable
+  // CHECK-TRAP: ret i32
 }
 
 // CHECK: @vla_bound
@@ -171,55 +250,107 @@ float int_float_no_overflow(__int128 n) {
 }
 
 // CHECK: @int_float_overflow
+// CHECK-TRAP: @int_float_overflow
 float int_float_overflow(unsigned __int128 n) {
   // This is 2**104. FLT_MAX is 2**128 - 2**104.
   // CHECK: icmp ule i128 %{{.*}}, -20282409603651670423947251286016
   // CHECK: call void @__ubsan_handle_float_cast_overflow(
+
+  // CHECK-TRAP: %[[INBOUNDS:.*]] = icmp ule i128 %{{.*}}, -20282409603651670423947251286016
+  // CHECK-TRAP-NEXT: br i1 %[[INBOUNDS]]
+
+  // CHECK-TRAP:      call void @llvm.trap() noreturn nounwind
+  // CHECK-TRAP-NEXT: unreachable
   return n;
 }
 
 // CHECK: @int_fp16_overflow
+// CHECK-TRAP: @int_fp16_overflow
 void int_fp16_overflow(int n, __fp16 *p) {
   // CHECK: %[[GE:.*]] = icmp sge i32 %{{.*}}, -65504
   // CHECK: %[[LE:.*]] = icmp sle i32 %{{.*}}, 65504
   // CHECK: and i1 %[[GE]], %[[LE]]
   // CHECK: call void @__ubsan_handle_float_cast_overflow(
+
+  // CHECK-TRAP: %[[GE:.*]] = icmp sge i32 %{{.*}}, -65504
+  // CHECK-TRAP: %[[LE:.*]] = icmp sle i32 %{{.*}}, 65504
+  // CHECK-TRAP: %[[INBOUNDS:.*]] = and i1 %[[GE]], %[[LE]]
+  // CHECK-TRAP-NEXT: br i1 %[[INBOUNDS]]
+
+  // CHECK-TRAP:      call void @llvm.trap() noreturn nounwind
+  // CHECK-TRAP-NEXT: unreachable
   *p = n;
 }
 
 // CHECK: @float_int_overflow
+// CHECK-TRAP: @float_int_overflow
 int float_int_overflow(float f) {
   // CHECK: %[[GE:.*]] = fcmp oge float %[[F:.*]], 0xC1E0000000000000
   // CHECK: %[[LE:.*]] = fcmp ole float %[[F]], 0x41DFFFFFE0000000
   // CHECK: and i1 %[[GE]], %[[LE]]
   // CHECK: call void @__ubsan_handle_float_cast_overflow(
+
+  // CHECK-TRAP: %[[GE:.*]] = fcmp oge float %[[F:.*]], 0xC1E0000000000000
+  // CHECK-TRAP: %[[LE:.*]] = fcmp ole float %[[F]], 0x41DFFFFFE0000000
+  // CHECK-TRAP: %[[INBOUNDS:.*]] = and i1 %[[GE]], %[[LE]]
+  // CHECK-TRAP-NEXT: br i1 %[[INBOUNDS]]
+
+  // CHECK-TRAP:      call void @llvm.trap() noreturn nounwind
+  // CHECK-TRAP-NEXT: unreachable
   return f;
 }
 
 // CHECK: @float_uint_overflow
+// CHECK-TRAP: @float_uint_overflow
 unsigned float_uint_overflow(float f) {
   // CHECK: %[[GE:.*]] = fcmp oge float %[[F:.*]], 0.{{0*}}e+00
   // CHECK: %[[LE:.*]] = fcmp ole float %[[F]], 0x41EFFFFFE0000000
   // CHECK: and i1 %[[GE]], %[[LE]]
   // CHECK: call void @__ubsan_handle_float_cast_overflow(
+
+  // CHECK-TRAP: %[[GE:.*]] = fcmp oge float %[[F:.*]], 0.{{0*}}e+00
+  // CHECK-TRAP: %[[LE:.*]] = fcmp ole float %[[F]], 0x41EFFFFFE0000000
+  // CHECK-TRAP: %[[INBOUNDS:.*]] = and i1 %[[GE]], %[[LE]]
+  // CHECK-TRAP-NEXT: br i1 %[[INBOUNDS]]
+
+  // CHECK-TRAP:      call void @llvm.trap() noreturn nounwind
+  // CHECK-TRAP-NEXT: unreachable
   return f;
 }
 
 // CHECK: @fp16_char_overflow
+// CHECK-TRAP: @fp16_char_overflow
 signed char fp16_char_overflow(__fp16 *p) {
   // CHECK: %[[GE:.*]] = fcmp oge float %[[F:.*]], -1.28{{0*}}e+02
   // CHECK: %[[LE:.*]] = fcmp ole float %[[F]], 1.27{{0*}}e+02
   // CHECK: and i1 %[[GE]], %[[LE]]
   // CHECK: call void @__ubsan_handle_float_cast_overflow(
+
+  // CHECK-TRAP: %[[GE:.*]] = fcmp oge float %[[F:.*]], -1.28{{0*}}e+02
+  // CHECK-TRAP: %[[LE:.*]] = fcmp ole float %[[F]], 1.27{{0*}}e+02
+  // CHECK-TRAP: %[[INBOUNDS:.*]] = and i1 %[[GE]], %[[LE]]
+  // CHECK-TRAP-NEXT: br i1 %[[INBOUNDS]]
+
+  // CHECK-TRAP:      call void @llvm.trap() noreturn nounwind
+  // CHECK-TRAP-NEXT: unreachable
   return *p;
 }
 
 // CHECK: @float_float_overflow
+// CHECK-TRAP: @float_float_overflow
 float float_float_overflow(double f) {
   // CHECK: %[[GE:.*]] = fcmp oge double %[[F:.*]], 0xC7EFFFFFE0000000
   // CHECK: %[[LE:.*]] = fcmp ole double %[[F]], 0x47EFFFFFE0000000
   // CHECK: and i1 %[[GE]], %[[LE]]
   // CHECK: call void @__ubsan_handle_float_cast_overflow(
+
+  // CHECK-TRAP: %[[GE:.*]] = fcmp oge double %[[F:.*]], 0xC7EFFFFFE0000000
+  // CHECK-TRAP: %[[LE:.*]] = fcmp ole double %[[F]], 0x47EFFFFFE0000000
+  // CHECK-TRAP: %[[INBOUNDS:.*]] = and i1 %[[GE]], %[[LE]]
+  // CHECK-TRAP-NEXT: br i1 %[[INBOUNDS]]
+
+  // CHECK-TRAP:      call void @llvm.trap() noreturn nounwind
+  // CHECK-TRAP-NEXT: unreachable
   return f;
 }
 
@@ -228,6 +359,7 @@ float float_float_overflow(double f) {
 int int_divide_overflow(int a, int b) {
   // CHECK:               %[[ZERO:.*]] = icmp ne i32 %[[B:.*]], 0
   // CHECK-OVERFLOW-NOT:  icmp ne i32 %{{.*}}, 0
+  // CHECK-TRAP:          %[[ZERO:.*]] = icmp ne i32 %[[B:.*]], 0
 
   // CHECK:               %[[AOK:.*]] = icmp ne i32 %[[A:.*]], -2147483648
   // CHECK-NEXT:          %[[BOK:.*]] = icmp ne i32 %[[B]], -1
@@ -237,14 +369,25 @@ int int_divide_overflow(int a, int b) {
   // CHECK-OVERFLOW-NEXT: %[[BOK:.*]] = icmp ne i32 %[[B:.*]], -1
   // CHECK-OVERFLOW-NEXT: %[[OK:.*]] = or i1 %[[AOK]], %[[BOK]]
 
+  // CHECK-TRAP:          %[[AOK:.*]] = icmp ne i32 %[[A:.*]], -2147483648
+  // CHECK-TRAP-NEXT:     %[[BOK:.*]] = icmp ne i32 %[[B]], -1
+  // CHECK-TRAP-NEXT:     %[[OVER:.*]] = or i1 %[[AOK]], %[[BOK]]
+
   // CHECK:               %[[OK:.*]] = and i1 %[[ZERO]], %[[OVER]]
 
   // CHECK:               br i1 %[[OK]]
   // CHECK-OVERFLOW:      br i1 %[[OK]]
+
+  // CHECK-TRAP:          %[[OK:.*]] = and i1 %[[ZERO]], %[[OVER]]
+  // CHECK-TRAP:          br i1 %[[OK]]
+
+  // CHECK-TRAP: call void @llvm.trap() noreturn nounwind
+  // CHECK-TRAP: unreachable
   return a / b;
 
   // CHECK:          }
   // CHECK-OVERFLOW: }
+  // CHECK-TRAP:     }
 }
 
 // CHECK: @sour_bool
@@ -252,6 +395,12 @@ _Bool sour_bool(_Bool *p) {
   // CHECK: %[[OK:.*]] = icmp ule i8 {{.*}}, 1
   // CHECK: br i1 %[[OK]]
   // CHECK: call void @__ubsan_handle_load_invalid_value(i8* bitcast ({{.*}}), i64 {{.*}})
+
+  // CHECK-TRAP: %[[OK:.*]] = icmp ule i8 {{.*}}, 1
+  // CHECK-TRAP: br i1 %[[OK]]
+
+  // CHECK-TRAP: call void @llvm.trap() noreturn nounwind
+  // CHECK-TRAP: unreachable
   return *p;
 }
 

clang/test/Driver/fsanitize.c

@@ -1,4 +1,9 @@
-// RUN: %clang -target x86_64-linux-gnu -fcatch-undefined-behavior %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-UNDEFINED
+// RUN: %clang -target x86_64-linux-gnu -fcatch-undefined-behavior %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-UNDEFINED-TRAP
+// RUN: %clang -target x86_64-linux-gnu -fsanitize=undefined-trap -fsanitize-undefined-trap-on-error %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-UNDEFINED-TRAP
+// RUN: %clang -target x86_64-linux-gnu -fsanitize-undefined-trap-on-error -fsanitize=undefined-trap %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-UNDEFINED-TRAP
+// CHECK-UNDEFINED-TRAP: "-fsanitize={{((signed-integer-overflow|integer-divide-by-zero|float-divide-by-zero|shift|unreachable|return|vla-bound|alignment|null|object-size|float-cast-overflow|bounds|enum|bool),?){14}"}}
+// CHECK-UNDEFINED-TRAP: "-fsanitize-undefined-trap-on-error"
+
 // RUN: %clang -target x86_64-linux-gnu -fsanitize=undefined %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-UNDEFINED
 // CHECK-UNDEFINED: "-fsanitize={{((signed-integer-overflow|integer-divide-by-zero|float-divide-by-zero|shift|unreachable|return|vla-bound|alignment|null|vptr|object-size|float-cast-overflow|bounds|enum|bool),?){15}"}}
 
@@ -11,6 +16,18 @@
 // RUN: %clang -target x86_64-linux-gnu -fsanitize=address-full %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-ASAN-FULL
 // CHECK-ASAN-FULL: "-fsanitize={{((address|init-order|use-after-return|use-after-scope),?){4}"}}
 
+// RUN: %clang -target x86_64-linux-gnu -fcatch-undefined-behavior -fno-sanitize-undefined-trap-on-error %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-UNDEFINED-NO-TRAP-ERROR
+// CHECK-UNDEFINED-NO-TRAP-ERROR: '-fcatch-undefined-behavior' not allowed with '-fno-sanitize-undefined-trap-on-error'
+
+// RUN: %clang -target x86_64-linux-gnu -fsanitize=vptr -fcatch-undefined-behavior %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-VPTR-UNDEF-ERROR
+// CHECK-VPTR-UNDEF-ERROR: '-fsanitize=vptr' not allowed with '-fcatch-undefined-behavior'
+
+// RUN: %clang -target x86_64-linux-gnu -fsanitize=undefined -fsanitize-undefined-trap-on-error %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-UNDEFINED-TRAP-ON-ERROR-UNDEF
+// CHECK-UNDEFINED-TRAP-ON-ERROR-UNDEF: '-fsanitize=undefined' not allowed with '-fsanitize-undefined-trap-on-error'
+
+// RUN: %clang -target x86_64-linux-gnu -fsanitize=vptr -fsanitize-undefined-trap-on-error %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-UNDEFINED-TRAP-ON-ERROR-VPTR
+// CHECK-UNDEFINED-TRAP-ON-ERROR-VPTR: '-fsanitize=vptr' not allowed with '-fsanitize-undefined-trap-on-error'
+
 // RUN: %clang -target x86_64-linux-gnu -fsanitize=vptr -fno-rtti %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-VPTR-NO-RTTI
 // RUN: %clang -target x86_64-linux-gnu -fsanitize=undefined -fno-rtti %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-VPTR-NO-RTTI
 // CHECK-VPTR-NO-RTTI: '-fsanitize=vptr' not allowed with '-fno-rtti'
@@ -64,7 +81,7 @@
 // OK
 
 // RUN: %clang -target x86_64-linux-gnu -fcatch-undefined-behavior -fthread-sanitizer -fno-thread-sanitizer -faddress-sanitizer -fno-address-sanitizer -fbounds-checking -### %s 2>&1 | FileCheck %s --check-prefix=CHECK-DEPRECATED
-// CHECK-DEPRECATED: argument '-fcatch-undefined-behavior' is deprecated, use '-fsanitize=undefined' instead
+// CHECK-DEPRECATED: argument '-fcatch-undefined-behavior' is deprecated, use '-fsanitize=undefined-trap -fsanitize-undefined-trap-on-error' instead
 // CHECK-DEPRECATED: argument '-fthread-sanitizer' is deprecated, use '-fsanitize=thread' instead
 // CHECK-DEPRECATED: argument '-fno-thread-sanitizer' is deprecated, use '-fno-sanitize=thread' instead
 // CHECK-DEPRECATED: argument '-faddress-sanitizer' is deprecated, use '-fsanitize=address' instead