maxjhandsome
/
llvm-project
forked from OSchip/llvm-project
1
0
Fork 0
Code Issues Pull Requests Packages Releases Wiki Activity

[ubsan] Implement the -fcatch-undefined-behavior flag using a trapping 

implementation; this is much more inline with the original implementation
(i.e., pre-ubsan) and does not require run-time library support.

The trapping implementation can be invoked using either '-fcatch-undefined-behavior'
or '-fsanitize=undefined-trap -fsanitize-undefined-trap-on-error', with the latter
being preferred.  Eventually, the -fcatch-undefined-behavior' flag will be removed.

llvm-svn: 173848
This commit is contained in:
Chad Rosier 2013-01-29 23:31:22 +00:00
parent 01edb9d7d1
commit ae229d599b
12 changed files with 251 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
clang/docs/UsersManual.rst
View File

@ -867,6 +867,14 @@ are listed below.
includes all of the checks listed below other than
``unsigned-integer-overflow``.
``-fsanitize=undefined-trap``: This includes all sanitizers
included by ``-fsanitize=undefined``, except those that require
runtime support. This group of sanitizers are generally used
in conjunction with the ``-fsanitize-undefined-trap-on-error``
flag, which causes traps to be emitted, rather than calls to
runtime libraries. This includes all of the checks listed below
other than ``unsigned-integer-overflow`` and ``vptr``.
The following more fine-grained checks are also available:
- ``-fsanitize=alignment``: Use of a misaligned pointer or creation

15
clang/include/clang/Basic/Sanitizers.def
View File

@ -74,15 +74,24 @@ SANITIZER("vptr", Vptr)
// IntegerSanitizer
SANITIZER("unsigned-integer-overflow", UnsignedIntegerOverflow)
// -fsanitize=undefined (and its alias -fcatch-undefined-behavior). This should
// include all the sanitizers which have low overhead, no ABI or address space
// layout implications, and only catch undefined behavior.
// -fsanitize=undefined includes all the sanitizers which have low overhead, no
// ABI or address space layout implications, and only catch undefined behavior.
SANITIZER_GROUP("undefined", Undefined,
Alignment | Bool | Bounds | Enum | FloatCastOverflow |
FloatDivideByZero | IntegerDivideByZero | Null | ObjectSize |
Return | Shift | SignedIntegerOverflow | Unreachable |
VLABound | Vptr)
// -fsanitize=undefined-trap (and its alias -fcatch-undefined-behavior) includes
// all sanitizers included by -fsanitize=undefined, except those that require
// runtime support. This group is generally used in conjunction with the
// -fsanitize-undefined-trap-on-error flag.
SANITIZER_GROUP("undefined-trap", UndefinedTrap,
Alignment | Bool | Bounds | Enum | FloatCastOverflow |
FloatDivideByZero | IntegerDivideByZero | Null | ObjectSize |
Return | Shift | SignedIntegerOverflow | Unreachable |
VLABound)
SANITIZER_GROUP("integer", Integer,
SignedIntegerOverflow | UnsignedIntegerOverflow | Shift |
IntegerDivideByZero)

4
clang/include/clang/Driver/Options.td
View File

@ -414,6 +414,10 @@ def fsanitize_recover : Flag<["-"], "fsanitize-recover">,
def fno_sanitize_recover : Flag<["-"], "fno-sanitize-recover">,
Group<f_clang_Group>, Flags<[CC1Option]>,
HelpText<"Disable sanitizer check recovery">;
def fsanitize_undefined_trap_on_error : Flag<["-"], "fsanitize-undefined-trap-on-error">,
Group<f_clang_Group>, Flags<[CC1Option]>;
def fno_sanitize_undefined_trap_on_error : Flag<["-"], "fno-sanitize-undefined-trap-on-error">,
Group<f_clang_Group>;
def funsafe_math_optimizations : Flag<["-"], "funsafe-math-optimizations">,
Group<f_Group>;
def fno_unsafe_math_optimizations : Flag<["-"], "fno-unsafe-math-optimizations">,

2
clang/include/clang/Frontend/CodeGenOptions.def
View File

@ -87,6 +87,8 @@ CODEGENOPT(SanitizeAddressZeroBaseShadow , 1, 0) ///< Map shadow memory at zero
///< offset in AddressSanitizer.
CODEGENOPT(SanitizeMemoryTrackOrigins, 1, 0) ///< Enable tracking origins in
///< MemorySanitizer
CODEGENOPT(SanitizeUndefinedTrapOnError, 1, 0) ///< Set on
/// -fsanitize-undefined-trap-on-error
CODEGENOPT(SimplifyLibCalls , 1, 1) ///< Set when -fbuiltin is enabled.
CODEGENOPT(SoftFloat , 1, 0) ///< -soft-float.
CODEGENOPT(StrictEnums , 1, 0) ///< Optimize based on strict enum definition.

9
clang/lib/CodeGen/CGExpr.cpp
View File

@ -1975,6 +1975,13 @@ void CodeGenFunction::EmitCheck(llvm::Value *Checked, StringRef CheckName,
ArrayRef<llvm::Value *> DynamicArgs,
CheckRecoverableKind RecoverKind) {
assert(SanOpts != &SanitizerOptions::Disabled);
if (CGM.getCodeGenOpts().SanitizeUndefinedTrapOnError) {
assert (RecoverKind != CRK_AlwaysRecoverable &&
"Runtime call required for AlwaysRecoverable kind!");
return EmitTrapCheck(Checked);
}
llvm::BasicBlock *Cont = createBasicBlock("cont");
llvm::BasicBlock *Handler = createBasicBlock("handler." + CheckName);
@ -2043,7 +2050,7 @@ void CodeGenFunction::EmitCheck(llvm::Value *Checked, StringRef CheckName,
EmitBlock(Cont);
}
void CodeGenFunction::EmitTrapvCheck(llvm::Value *Checked) {
void CodeGenFunction::EmitTrapCheck(llvm::Value *Checked) {
llvm::BasicBlock *Cont = createBasicBlock("cont");
// If we're optimizing, collapse all calls to trap down to just one per

2
clang/lib/CodeGen/CGExprScalar.cpp
View File

@ -2044,7 +2044,7 @@ Value *ScalarExprEmitter::EmitOverflowCheckedBinOp(const BinOpInfo &Ops) {
if (!isSigned || CGF.SanOpts->SignedIntegerOverflow)
EmitBinOpCheck(Builder.CreateNot(overflow), Ops);
else
CGF.EmitTrapvCheck(Builder.CreateNot(overflow));
CGF.EmitTrapCheck(Builder.CreateNot(overflow));
return result;
}

2
clang/lib/CodeGen/CodeGenFunction.h
View File

@ -2606,7 +2606,7 @@ public:
/// \brief Create a basic block that will call the trap intrinsic, and emit a
/// conditional branch to it, for the -ftrapv checks.
void EmitTrapvCheck(llvm::Value *Checked);
void EmitTrapCheck(llvm::Value *Checked);
/// EmitCallArg - Emit a single call argument.
void EmitCallArg(CallArgList &args, const Expr *E, QualType ArgType);

18
clang/lib/Driver/SanitizerArgs.h
View File

@ -36,25 +36,32 @@ class SanitizerArgs {
NeedsAsanRt = Address,
NeedsTsanRt = Thread,
NeedsMsanRt = Memory,
NeedsUbsanRt = (Undefined & ~Bounds) | Integer
NeedsUbsanRt = (Undefined & ~Bounds) | Integer,
NotAllowedWithTrap = Vptr
};
unsigned Kind;
std::string BlacklistFile;
bool MsanTrackOrigins;
bool AsanZeroBaseShadow;
bool UbsanTrapOnError;
public:
SanitizerArgs() : Kind(0), BlacklistFile(""), MsanTrackOrigins(false),
AsanZeroBaseShadow(false) {}
AsanZeroBaseShadow(false), UbsanTrapOnError(false) {}
/// Parses the sanitizer arguments from an argument list.
SanitizerArgs(const Driver &D, const ArgList &Args);
bool needsAsanRt() const { return Kind & NeedsAsanRt; }
bool needsTsanRt() const { return Kind & NeedsTsanRt; }
bool needsMsanRt() const { return Kind & NeedsMsanRt; }
bool needsUbsanRt() const { return Kind & NeedsUbsanRt; }
bool needsUbsanRt() const {
if (UbsanTrapOnError)
return false;
return Kind & NeedsUbsanRt;
}
bool sanitizesVptr() const { return Kind & Vptr; }
bool notAllowedWithTrap() const { return Kind & NotAllowedWithTrap; }
void addArgs(const ArgList &Args, ArgStringList &CmdArgs) const {
if (!Kind)
@ -127,8 +134,9 @@ class SanitizerArgs {
Remove = Thread;
DeprecatedReplacement = "-fno-sanitize=thread";
} else if (A->getOption().matches(options::OPT_fcatch_undefined_behavior)) {
Add = Undefined;
DeprecatedReplacement = "-fsanitize=undefined";
Add = UndefinedTrap;
DeprecatedReplacement =
"-fsanitize=undefined-trap -fsanitize-undefined-trap-on-error";
} else if (A->getOption().matches(options::OPT_fbounds_checking) ||
A->getOption().matches(options::OPT_fbounds_checking_EQ)) {
Add = Bounds;

32
clang/lib/Driver/Tools.cpp
View File

@ -1459,6 +1459,33 @@ SanitizerArgs::SanitizerArgs(const Driver &D, const ArgList &Args)
AllKinds |= Add;
}
UbsanTrapOnError =
Args.hasArg(options::OPT_fcatch_undefined_behavior) ||
Args.hasFlag(options::OPT_fsanitize_undefined_trap_on_error,
options::OPT_fno_sanitize_undefined_trap_on_error, false);
if (Args.hasArg(options::OPT_fcatch_undefined_behavior) &&
!Args.hasFlag(options::OPT_fsanitize_undefined_trap_on_error,
options::OPT_fno_sanitize_undefined_trap_on_error, true)) {
D.Diag(diag::err_drv_argument_not_allowed_with)
<< "-fcatch-undefined-behavior"
<< "-fno-sanitize-undefined-trap-on-error";
}
// Warn about undefined sanitizer options that require runtime support.
if (UbsanTrapOnError && notAllowedWithTrap()) {
if (Args.hasArg(options::OPT_fcatch_undefined_behavior))
D.Diag(diag::err_drv_argument_not_allowed_with)
<< lastArgumentForKind(D, Args, NotAllowedWithTrap)
<< "-fcatch-undefined-behavior";
else if (Args.hasFlag(options::OPT_fsanitize_undefined_trap_on_error,
options::OPT_fno_sanitize_undefined_trap_on_error,
false))
D.Diag(diag::err_drv_argument_not_allowed_with)
<< lastArgumentForKind(D, Args, NotAllowedWithTrap)
<< "-fsanitize-undefined-trap-on-error";
}
// Only one runtime library can be used at once.
bool NeedsAsan = needsAsanRt();
bool NeedsTsan = needsTsanRt();
@ -2501,6 +2528,11 @@ void Clang::ConstructJob(Compilation &C, const JobAction &JA,
true))
CmdArgs.push_back("-fno-sanitize-recover");
if (Args.hasArg(options::OPT_fcatch_undefined_behavior) ||
Args.hasFlag(options::OPT_fsanitize_undefined_trap_on_error,
options::OPT_fno_sanitize_undefined_trap_on_error, false))
CmdArgs.push_back("-fsanitize-undefined-trap-on-error");
// Report and error for -faltivec on anything other then PowerPC.
if (const Arg *A = Args.getLastArg(options::OPT_faltivec))
if (!(getToolChain().getTriple().getArch() == llvm::Triple::ppc ||

2
clang/lib/Frontend/CompilerInvocation.cpp
View File

@ -392,6 +392,8 @@ static bool ParseCodeGenArgs(CodeGenOptions &Opts, ArgList &Args, InputKind IK,
Args.hasArg(OPT_fsanitize_memory_track_origins);
Opts.SanitizeAddressZeroBaseShadow =
Args.hasArg(OPT_fsanitize_address_zero_base_shadow);
Opts.SanitizeUndefinedTrapOnError =
Args.hasArg(OPT_fsanitize_undefined_trap_on_error);
Opts.SSPBufferSize =
Args.getLastArgIntValue(OPT_stack_protector_buffer_size, 8, Diags);
Opts.StackRealignment = Args.hasArg(OPT_mstackrealign);

149
clang/test/CodeGen/catch-undef-behavior.c
View File

@ -1,4 +1,5 @@
// RUN: %clang_cc1 -fsanitize=alignment,null,object-size,shift,return,signed-integer-overflow,vla-bound,float-cast-overflow,integer-divide-by-zero,bool -emit-llvm %s -o - -triple x86_64-linux-gnu | FileCheck %s
// RUN: %clang_cc1 -fsanitize-undefined-trap-on-error -fsanitize=alignment,null,object-size,shift,return,signed-integer-overflow,vla-bound,float-cast-overflow,integer-divide-by-zero,bool -emit-llvm %s -o - -triple x86_64-linux-gnu | FileCheck %s --check-prefix=CHECK-TRAP
// RUN: %clang_cc1 -fsanitize=null -emit-llvm %s -o - -triple x86_64-linux-gnu | FileCheck %s --check-prefix=CHECK-NULL
// RUN: %clang_cc1 -fsanitize=signed-integer-overflow -emit-llvm %s -o - -triple x86_64-linux-gnu | FileCheck %s --check-prefix=CHECK-OVERFLOW
@ -24,25 +25,42 @@
// PR6805
// CHECK: @foo
// CHECK-NULL: @foo
// CHECK-TRAP: @foo
void foo() {
union { int i; } u;
// CHECK: %[[CHECK0:.*]] = icmp ne {{.*}}* %[[PTR:.*]], null
// CHECK-TRAP: %[[CHECK0:.*]] = icmp ne {{.*}}* %[[PTR:.*]], null
// CHECK: %[[I8PTR:.*]] = bitcast i32* %[[PTR]] to i8*
// CHECK-NEXT: %[[SIZE:.*]] = call i64 @llvm.objectsize.i64(i8* %[[I8PTR]], i1 false)
// CHECK-NEXT: %[[CHECK1:.*]] = icmp uge i64 %[[SIZE]], 4
// CHECK-NEXT: %[[CHECK01:.*]] = and i1 %[[CHECK0]], %[[CHECK1]]
// CHECK-TRAP: %[[I8PTR:.*]] = bitcast i32* %[[PTR]] to i8*
// CHECK-TRAP-NEXT: %[[SIZE:.*]] = call i64 @llvm.objectsize.i64(i8* %[[I8PTR]], i1 false)
// CHECK-TRAP-NEXT: %[[CHECK1:.*]] = icmp uge i64 %[[SIZE]], 4
// CHECK-TRAP-NEXT: %[[CHECK01:.*]] = and i1 %[[CHECK0]], %[[CHECK1]]
// CHECK: %[[PTRTOINT:.*]] = ptrtoint {{.*}}* %[[PTR]] to i64
// CHECK-NEXT: %[[MISALIGN:.*]] = and i64 %[[PTRTOINT]], 3
// CHECK-NEXT: %[[CHECK2:.*]] = icmp eq i64 %[[MISALIGN]], 0
// CHECK-TRAP: %[[PTRTOINT:.*]] = ptrtoint {{.*}}* %[[PTR]] to i64
// CHECK-TRAP-NEXT: %[[MISALIGN:.*]] = and i64 %[[PTRTOINT]], 3
// CHECK-TRAP-NEXT: %[[CHECK2:.*]] = icmp eq i64 %[[MISALIGN]], 0
// CHECK: %[[OK:.*]] = and i1 %[[CHECK01]], %[[CHECK2]]
// CHECK-NEXT: br i1 %[[OK]], {{.*}} !prof ![[WEIGHT_MD:.*]]
// CHECK-TRAP: %[[OK:.*]] = and i1 %[[CHECK01]], %[[CHECK2]]
// CHECK-TRAP-NEXT: br i1 %[[OK]], {{.*}}
// CHECK: %[[ARG:.*]] = ptrtoint {{.*}} %[[PTR]] to i64
// CHECK-NEXT: call void @__ubsan_handle_type_mismatch(i8* bitcast ({{.*}} @[[LINE_100]] to i8*), i64 %[[ARG]])
// CHECK-TRAP: call void @llvm.trap() noreturn nounwind
// CHECK-TRAP-NEXT: unreachable
// With -fsanitize=null, only perform the null check.
// CHECK-NULL: %[[NULL:.*]] = icmp ne {{.*}}, null
// CHECK-NULL: br i1 %[[NULL]]
@ -52,16 +70,28 @@ void foo() {
}
// CHECK: @bar
// CHECK-TRAP: @bar
int bar(int *a) {
// CHECK: %[[SIZE:.*]] = call i64 @llvm.objectsize.i64
// CHECK-NEXT: icmp uge i64 %[[SIZE]], 4
// CHECK-TRAP: %[[SIZE:.*]] = call i64 @llvm.objectsize.i64
// CHECK-TRAP-NEXT: icmp uge i64 %[[SIZE]], 4
// CHECK: %[[PTRINT:.*]] = ptrtoint
// CHECK-NEXT: %[[MISALIGN:.*]] = and i64 %[[PTRINT]], 3
// CHECK-NEXT: icmp eq i64 %[[MISALIGN]], 0
// CHECK-TRAP: %[[PTRINT:.*]] = ptrtoint
// CHECK-TRAP-NEXT: %[[MISALIGN:.*]] = and i64 %[[PTRINT]], 3
// CHECK-TRAP-NEXT: icmp eq i64 %[[MISALIGN]], 0
// CHECK: %[[ARG:.*]] = ptrtoint
// CHECK-NEXT: call void @__ubsan_handle_type_mismatch(i8* bitcast ({{.*}} @[[LINE_200]] to i8*), i64 %[[ARG]])
// CHECK-TRAP: call void @llvm.trap() noreturn nounwind
// CHECK-TRAP-NEXT: unreachable
#line 200
return *a;
}
@ -73,55 +103,91 @@ int addr_space(int __attribute__((address_space(256))) *a) {
}
// CHECK: @lsh_overflow
// CHECK-TRAP: @lsh_overflow
int lsh_overflow(int a, int b) {
// CHECK: %[[INBOUNDS:.*]] = icmp ule i32 %[[RHS:.*]], 31
// CHECK-NEXT: br i1 %[[INBOUNDS]]
// CHECK-TRAP: %[[INBOUNDS:.*]] = icmp ule i32 %[[RHS:.*]], 31
// CHECK-TRAP-NEXT: br i1 %[[INBOUNDS]]
// FIXME: Only emit one trap block here.
// CHECK: %[[ARG1:.*]] = zext
// CHECK-NEXT: %[[ARG2:.*]] = zext
// CHECK-NEXT: call void @__ubsan_handle_shift_out_of_bounds(i8* bitcast ({{.*}} @[[LINE_300_A]] to i8*), i64 %[[ARG1]], i64 %[[ARG2]])
// CHECK-TRAP: call void @llvm.trap() noreturn nounwind
// CHECK-TRAP-NEXT: unreachable
// CHECK: %[[SHIFTED_OUT_WIDTH:.*]] = sub nuw nsw i32 31, %[[RHS]]
// CHECK-NEXT: %[[SHIFTED_OUT:.*]] = lshr i32 %[[LHS:.*]], %[[SHIFTED_OUT_WIDTH]]
// CHECK-NEXT: %[[NO_OVERFLOW:.*]] = icmp eq i32 %[[SHIFTED_OUT]], 0
// CHECK-NEXT: br i1 %[[NO_OVERFLOW]], {{.*}} !prof ![[WEIGHT_MD]]
// CHECK-TRAP: %[[SHIFTED_OUT_WIDTH:.*]] = sub nuw nsw i32 31, %[[RHS]]
// CHECK-TRAP-NEXT: %[[SHIFTED_OUT:.*]] = lshr i32 %[[LHS:.*]], %[[SHIFTED_OUT_WIDTH]]
// CHECK-TRAP-NEXT: %[[NO_OVERFLOW:.*]] = icmp eq i32 %[[SHIFTED_OUT]], 0
// CHECK-TRAP-NEXT: br i1 %[[NO_OVERFLOW]]
// CHECK: %[[ARG1:.*]] = zext
// CHECK-NEXT: %[[ARG2:.*]] = zext
// CHECK-NEXT: call void @__ubsan_handle_shift_out_of_bounds(i8* bitcast ({{.*}} @[[LINE_300_B]] to i8*), i64 %[[ARG1]], i64 %[[ARG2]])
// CHECK-TRAP: call void @llvm.trap() noreturn nounwind
// CHECK-TRAP-NEXT: unreachable
// CHECK: %[[RET:.*]] = shl i32 %[[LHS]], %[[RHS]]
// CHECK-NEXT: ret i32 %[[RET]]
// CHECK-TRAP: %[[RET:.*]] = shl i32 %[[LHS]], %[[RHS]]
// CHECK-TRAP-NEXT: ret i32 %[[RET]]
#line 300
return a << b;
}
// CHECK: @rsh_inbounds
// CHECK-TRAP: @rsh_inbounds
int rsh_inbounds(int a, int b) {
// CHECK: %[[INBOUNDS:.*]] = icmp ule i32 %[[RHS:.*]], 31
// CHECK: br i1 %[[INBOUNDS]]
// CHECK-TRAP: %[[INBOUNDS:.*]] = icmp ule i32 %[[RHS:.*]], 31
// CHECK-TRAP: br i1 %[[INBOUNDS]]
// CHECK: %[[ARG1:.*]] = zext
// CHECK-NEXT: %[[ARG2:.*]] = zext
// CHECK-NEXT: call void @__ubsan_handle_shift_out_of_bounds(i8* bitcast ({{.*}} @[[LINE_400]] to i8*), i64 %[[ARG1]], i64 %[[ARG2]])
// CHECK-TRAP: call void @llvm.trap() noreturn nounwind
// CHECK-TRAP-NEXT: unreachable
// CHECK: %[[RET:.*]] = ashr i32 %[[LHS]], %[[RHS]]
// CHECK-NEXT: ret i32 %[[RET]]
// CHECK-TRAP: %[[RET:.*]] = ashr i32 %[[LHS]], %[[RHS]]
// CHECK-TRAP-NEXT: ret i32 %[[RET]]
#line 400
return a >> b;
}
// CHECK: @load
// CHECK-TRAP: @load
int load(int *p) {
// CHECK: call void @__ubsan_handle_type_mismatch(i8* bitcast ({{.*}} @[[LINE_500]] to i8*), i64 %{{.*}})
// CHECK-TRAP: call void @llvm.trap() noreturn nounwind
// CHECK-TRAP-NEXT: unreachable
#line 500
return *p;
}
// CHECK: @store
// CHECK-TRAP: @store
void store(int *p, int q) {
// CHECK: call void @__ubsan_handle_type_mismatch(i8* bitcast ({{.*}} @[[LINE_600]] to i8*), i64 %{{.*}})
// CHECK-TRAP: call void @llvm.trap() noreturn nounwind
// CHECK-TRAP-NEXT: unreachable
#line 600
*p = q;
}
@ -129,22 +195,31 @@ void store(int *p, int q) {
struct S { int k; };
// CHECK: @member_access
// CHECK-TRAP: @member_access
int *member_access(struct S *p) {
// CHECK: call void @__ubsan_handle_type_mismatch(i8* bitcast ({{.*}} @[[LINE_700]] to i8*), i64 %{{.*}})
// CHECK-TRAP: call void @llvm.trap() noreturn nounwind
// CHECK-TRAP-NEXT: unreachable
#line 700
return &p->k;
}
// CHECK: @signed_overflow
// CHECK-TRAP: @signed_overflow
int signed_overflow(int a, int b) {
// CHECK: %[[ARG1:.*]] = zext
// CHECK-NEXT: %[[ARG2:.*]] = zext
// CHECK-NEXT: call void @__ubsan_handle_add_overflow(i8* bitcast ({{.*}} @[[LINE_800]] to i8*), i64 %[[ARG1]], i64 %[[ARG2]])
// CHECK-TRAP: call void @llvm.trap() noreturn nounwind
// CHECK-TRAP-NEXT: unreachable
#line 800
return a + b;
}
// CHECK: @no_return
// CHECK-TRAP: @no_return
int no_return() {
// Reaching the end of a noreturn function is fine in C.
// FIXME: If the user explicitly requests -fsanitize=return, we should catch
@ -152,6 +227,10 @@ int no_return() {
// CHECK-NOT: call
// CHECK-NOT: unreachable
// CHECK: ret i32
// CHECK-TRAP-NOT: call
// CHECK-TRAP-NOT: unreachable
// CHECK-TRAP: ret i32
}
// CHECK: @vla_bound
@ -171,55 +250,107 @@ float int_float_no_overflow(__int128 n) {
}
// CHECK: @int_float_overflow
// CHECK-TRAP: @int_float_overflow
float int_float_overflow(unsigned __int128 n) {
// This is 2**104. FLT_MAX is 2**128 - 2**104.
// CHECK: icmp ule i128 %{{.*}}, -20282409603651670423947251286016
// CHECK: call void @__ubsan_handle_float_cast_overflow(
// CHECK-TRAP: %[[INBOUNDS:.*]] = icmp ule i128 %{{.*}}, -20282409603651670423947251286016
// CHECK-TRAP-NEXT: br i1 %[[INBOUNDS]]
// CHECK-TRAP: call void @llvm.trap() noreturn nounwind
// CHECK-TRAP-NEXT: unreachable
return n;
}
// CHECK: @int_fp16_overflow
// CHECK-TRAP: @int_fp16_overflow
void int_fp16_overflow(int n, __fp16 *p) {
// CHECK: %[[GE:.*]] = icmp sge i32 %{{.*}}, -65504
// CHECK: %[[LE:.*]] = icmp sle i32 %{{.*}}, 65504
// CHECK: and i1 %[[GE]], %[[LE]]
// CHECK: call void @__ubsan_handle_float_cast_overflow(
// CHECK-TRAP: %[[GE:.*]] = icmp sge i32 %{{.*}}, -65504
// CHECK-TRAP: %[[LE:.*]] = icmp sle i32 %{{.*}}, 65504
// CHECK-TRAP: %[[INBOUNDS:.*]] = and i1 %[[GE]], %[[LE]]
// CHECK-TRAP-NEXT: br i1 %[[INBOUNDS]]
// CHECK-TRAP: call void @llvm.trap() noreturn nounwind
// CHECK-TRAP-NEXT: unreachable
*p = n;
}
// CHECK: @float_int_overflow
// CHECK-TRAP: @float_int_overflow
int float_int_overflow(float f) {
// CHECK: %[[GE:.*]] = fcmp oge float %[[F:.*]], 0xC1E0000000000000
// CHECK: %[[LE:.*]] = fcmp ole float %[[F]], 0x41DFFFFFE0000000
// CHECK: and i1 %[[GE]], %[[LE]]
// CHECK: call void @__ubsan_handle_float_cast_overflow(
// CHECK-TRAP: %[[GE:.*]] = fcmp oge float %[[F:.*]], 0xC1E0000000000000
// CHECK-TRAP: %[[LE:.*]] = fcmp ole float %[[F]], 0x41DFFFFFE0000000
// CHECK-TRAP: %[[INBOUNDS:.*]] = and i1 %[[GE]], %[[LE]]
// CHECK-TRAP-NEXT: br i1 %[[INBOUNDS]]
// CHECK-TRAP: call void @llvm.trap() noreturn nounwind
// CHECK-TRAP-NEXT: unreachable
return f;
}
// CHECK: @float_uint_overflow
// CHECK-TRAP: @float_uint_overflow
unsigned float_uint_overflow(float f) {
// CHECK: %[[GE:.*]] = fcmp oge float %[[F:.*]], 0.{{0*}}e+00
// CHECK: %[[LE:.*]] = fcmp ole float %[[F]], 0x41EFFFFFE0000000
// CHECK: and i1 %[[GE]], %[[LE]]
// CHECK: call void @__ubsan_handle_float_cast_overflow(
// CHECK-TRAP: %[[GE:.*]] = fcmp oge float %[[F:.*]], 0.{{0*}}e+00
// CHECK-TRAP: %[[LE:.*]] = fcmp ole float %[[F]], 0x41EFFFFFE0000000
// CHECK-TRAP: %[[INBOUNDS:.*]] = and i1 %[[GE]], %[[LE]]
// CHECK-TRAP-NEXT: br i1 %[[INBOUNDS]]
// CHECK-TRAP: call void @llvm.trap() noreturn nounwind
// CHECK-TRAP-NEXT: unreachable
return f;
}
// CHECK: @fp16_char_overflow
// CHECK-TRAP: @fp16_char_overflow
signed char fp16_char_overflow(__fp16 *p) {
// CHECK: %[[GE:.*]] = fcmp oge float %[[F:.*]], -1.28{{0*}}e+02
// CHECK: %[[LE:.*]] = fcmp ole float %[[F]], 1.27{{0*}}e+02
// CHECK: and i1 %[[GE]], %[[LE]]
// CHECK: call void @__ubsan_handle_float_cast_overflow(
// CHECK-TRAP: %[[GE:.*]] = fcmp oge float %[[F:.*]], -1.28{{0*}}e+02
// CHECK-TRAP: %[[LE:.*]] = fcmp ole float %[[F]], 1.27{{0*}}e+02
// CHECK-TRAP: %[[INBOUNDS:.*]] = and i1 %[[GE]], %[[LE]]
// CHECK-TRAP-NEXT: br i1 %[[INBOUNDS]]
// CHECK-TRAP: call void @llvm.trap() noreturn nounwind
// CHECK-TRAP-NEXT: unreachable
return *p;
}
// CHECK: @float_float_overflow
// CHECK-TRAP: @float_float_overflow
float float_float_overflow(double f) {
// CHECK: %[[GE:.*]] = fcmp oge double %[[F:.*]], 0xC7EFFFFFE0000000
// CHECK: %[[LE:.*]] = fcmp ole double %[[F]], 0x47EFFFFFE0000000
// CHECK: and i1 %[[GE]], %[[LE]]
// CHECK: call void @__ubsan_handle_float_cast_overflow(
// CHECK-TRAP: %[[GE:.*]] = fcmp oge double %[[F:.*]], 0xC7EFFFFFE0000000
// CHECK-TRAP: %[[LE:.*]] = fcmp ole double %[[F]], 0x47EFFFFFE0000000
// CHECK-TRAP: %[[INBOUNDS:.*]] = and i1 %[[GE]], %[[LE]]
// CHECK-TRAP-NEXT: br i1 %[[INBOUNDS]]
// CHECK-TRAP: call void @llvm.trap() noreturn nounwind
// CHECK-TRAP-NEXT: unreachable
return f;
}
@ -228,6 +359,7 @@ float float_float_overflow(double f) {
int int_divide_overflow(int a, int b) {
// CHECK: %[[ZERO:.*]] = icmp ne i32 %[[B:.*]], 0
// CHECK-OVERFLOW-NOT: icmp ne i32 %{{.*}}, 0
// CHECK-TRAP: %[[ZERO:.*]] = icmp ne i32 %[[B:.*]], 0
// CHECK: %[[AOK:.*]] = icmp ne i32 %[[A:.*]], -2147483648
// CHECK-NEXT: %[[BOK:.*]] = icmp ne i32 %[[B]], -1
@ -237,14 +369,25 @@ int int_divide_overflow(int a, int b) {
// CHECK-OVERFLOW-NEXT: %[[BOK:.*]] = icmp ne i32 %[[B:.*]], -1
// CHECK-OVERFLOW-NEXT: %[[OK:.*]] = or i1 %[[AOK]], %[[BOK]]
// CHECK-TRAP: %[[AOK:.*]] = icmp ne i32 %[[A:.*]], -2147483648
// CHECK-TRAP-NEXT: %[[BOK:.*]] = icmp ne i32 %[[B]], -1
// CHECK-TRAP-NEXT: %[[OVER:.*]] = or i1 %[[AOK]], %[[BOK]]
// CHECK: %[[OK:.*]] = and i1 %[[ZERO]], %[[OVER]]
// CHECK: br i1 %[[OK]]
// CHECK-OVERFLOW: br i1 %[[OK]]
// CHECK-TRAP: %[[OK:.*]] = and i1 %[[ZERO]], %[[OVER]]
// CHECK-TRAP: br i1 %[[OK]]
// CHECK-TRAP: call void @llvm.trap() noreturn nounwind
// CHECK-TRAP: unreachable
return a / b;
// CHECK: }
// CHECK-OVERFLOW: }
// CHECK-TRAP: }
}
// CHECK: @sour_bool
@ -252,6 +395,12 @@ _Bool sour_bool(_Bool *p) {
// CHECK: %[[OK:.*]] = icmp ule i8 {{.*}}, 1
// CHECK: br i1 %[[OK]]
// CHECK: call void @__ubsan_handle_load_invalid_value(i8* bitcast ({{.*}}), i64 {{.*}})
// CHECK-TRAP: %[[OK:.*]] = icmp ule i8 {{.*}}, 1
// CHECK-TRAP: br i1 %[[OK]]
// CHECK-TRAP: call void @llvm.trap() noreturn nounwind
// CHECK-TRAP: unreachable
return *p;
}

21
clang/test/Driver/fsanitize.c
View File

@ -1,4 +1,9 @@
// RUN: %clang -target x86_64-linux-gnu -fcatch-undefined-behavior %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-UNDEFINED
// RUN: %clang -target x86_64-linux-gnu -fcatch-undefined-behavior %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-UNDEFINED-TRAP
// RUN: %clang -target x86_64-linux-gnu -fsanitize=undefined-trap -fsanitize-undefined-trap-on-error %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-UNDEFINED-TRAP
// RUN: %clang -target x86_64-linux-gnu -fsanitize-undefined-trap-on-error -fsanitize=undefined-trap %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-UNDEFINED-TRAP
// CHECK-UNDEFINED-TRAP: "-fsanitize={{((signed-integer-overflow|integer-divide-by-zero|float-divide-by-zero|shift|unreachable|return|vla-bound|alignment|null|object-size|float-cast-overflow|bounds|enum|bool),?){14}"}}
// CHECK-UNDEFINED-TRAP: "-fsanitize-undefined-trap-on-error"
// RUN: %clang -target x86_64-linux-gnu -fsanitize=undefined %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-UNDEFINED
// CHECK-UNDEFINED: "-fsanitize={{((signed-integer-overflow|integer-divide-by-zero|float-divide-by-zero|shift|unreachable|return|vla-bound|alignment|null|vptr|object-size|float-cast-overflow|bounds|enum|bool),?){15}"}}
@ -11,6 +16,18 @@
// RUN: %clang -target x86_64-linux-gnu -fsanitize=address-full %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-ASAN-FULL
// CHECK-ASAN-FULL: "-fsanitize={{((address|init-order|use-after-return|use-after-scope),?){4}"}}
// RUN: %clang -target x86_64-linux-gnu -fcatch-undefined-behavior -fno-sanitize-undefined-trap-on-error %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-UNDEFINED-NO-TRAP-ERROR
// CHECK-UNDEFINED-NO-TRAP-ERROR: '-fcatch-undefined-behavior' not allowed with '-fno-sanitize-undefined-trap-on-error'
// RUN: %clang -target x86_64-linux-gnu -fsanitize=vptr -fcatch-undefined-behavior %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-VPTR-UNDEF-ERROR
// CHECK-VPTR-UNDEF-ERROR: '-fsanitize=vptr' not allowed with '-fcatch-undefined-behavior'
// RUN: %clang -target x86_64-linux-gnu -fsanitize=undefined -fsanitize-undefined-trap-on-error %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-UNDEFINED-TRAP-ON-ERROR-UNDEF
// CHECK-UNDEFINED-TRAP-ON-ERROR-UNDEF: '-fsanitize=undefined' not allowed with '-fsanitize-undefined-trap-on-error'
// RUN: %clang -target x86_64-linux-gnu -fsanitize=vptr -fsanitize-undefined-trap-on-error %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-UNDEFINED-TRAP-ON-ERROR-VPTR
// CHECK-UNDEFINED-TRAP-ON-ERROR-VPTR: '-fsanitize=vptr' not allowed with '-fsanitize-undefined-trap-on-error'
// RUN: %clang -target x86_64-linux-gnu -fsanitize=vptr -fno-rtti %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-VPTR-NO-RTTI
// RUN: %clang -target x86_64-linux-gnu -fsanitize=undefined -fno-rtti %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-VPTR-NO-RTTI
// CHECK-VPTR-NO-RTTI: '-fsanitize=vptr' not allowed with '-fno-rtti'
@ -64,7 +81,7 @@
// OK
// RUN: %clang -target x86_64-linux-gnu -fcatch-undefined-behavior -fthread-sanitizer -fno-thread-sanitizer -faddress-sanitizer -fno-address-sanitizer -fbounds-checking -### %s 2>&1 | FileCheck %s --check-prefix=CHECK-DEPRECATED
// CHECK-DEPRECATED: argument '-fcatch-undefined-behavior' is deprecated, use '-fsanitize=undefined' instead
// CHECK-DEPRECATED: argument '-fcatch-undefined-behavior' is deprecated, use '-fsanitize=undefined-trap -fsanitize-undefined-trap-on-error' instead
// CHECK-DEPRECATED: argument '-fthread-sanitizer' is deprecated, use '-fsanitize=thread' instead
// CHECK-DEPRECATED: argument '-fno-thread-sanitizer' is deprecated, use '-fno-sanitize=thread' instead
// CHECK-DEPRECATED: argument '-faddress-sanitizer' is deprecated, use '-fsanitize=address' instead