Summary:
This patch implements a new UBSan check, which verifies
that function arguments declared to be nonnull with __attribute__((nonnull))
are actually nonnull in runtime.
To implement this check, we pass FunctionDecl to CodeGenFunction::EmitCallArgs
(where applicable) and if function declaration has nonnull attribute specified
for a certain formal parameter, we compare the corresponding RValue to null as
soon as it's calculated.
Test Plan: regression test suite
Reviewers: rsmith
Reviewed By: rsmith
Subscribers: cfe-commits, rnk
Differential Revision: http://reviews.llvm.org/D5082
llvm-svn: 217389
Summary:
This patch adds a runtime check verifying that functions
annotated with "returns_nonnull" attribute do in fact return nonnull pointers.
It is based on suggestion by Jakub Jelinek:
http://lists.cs.uiuc.edu/pipermail/llvm-commits/Week-of-Mon-20140623/223693.html.
Test Plan: regression test suite
Reviewers: rsmith
Reviewed By: rsmith
Subscribers: cfe-commits
Differential Revision: http://reviews.llvm.org/D4849
llvm-svn: 215485
This object is used to encapsulate all actions that need to be
done before/after printing UBSan diagnostics. Currently these
actions are:
* locking a mutex to ensure that UBSan diagnostics from several
threads won't mix with each other and with other sanitizers'
reports
* killing a program once the report is printed (if necessary).
Use this object in all UBSan handlers. Unify the way we implement
fatal and non-fatal handlers by making all the handlers simple
one-liners that redirect __ubsan_handle_foo(_abort)? to
handleFooImpl().
llvm-svn: 214279
This will ensure that stack frames in error reports will not
contain internal UBSan failures, and frame #0 will be the
actual place in the program where the error happens.
llvm-svn: 214245
We used to initialize symbolizer lazily, but this doesn't work in
various sandboxed environments. Instead, let's be consistent with
the rest of sanitizers.
llvm-svn: 214006
Specifically, use .preinit_array initialization on Linux and dynamic global
initializer on another platforms. Historically UBSan didn't have any
initialization code and its runtime was stateless. This is no longer the
case - UBSan relies on some non-trivial functionality from sanitizer_common
(e.g. online symbolization) and is now configurable by runtime flags.
Additionally, we've dropped support for enabling UBSan only for a few shared
objects, so UBSan is now always linked into the main executable, so now
we can use similar initialization as all the rest sanitizers.
llvm-svn: 213983
This change introduces the first UBSan-specific runtime flag: print_stacktrace
(off by default). It can be set in UBSAN_OPTIONS to unwind and print call stacks
in addition to diagnostic messages. For now these stacks are printed only
in vptr checker.
This change is based on http://reviews.llvm.org/D4410 by Byoungyoung Lee!
llvm-svn: 213783
If UBSan is run in a standalone mode (w/o any other sanitizer), it
still uses functions from sanitizer_common, some of which depend on
the value of runtime flags. Allow to override the default values of these
flags with UBSAN_OPTIONS variable. In particular, UBSAN_OPTIONS=symbolize=0
can be used to turn off online symbolization.
llvm-svn: 213782
Soon there will be an option to build compiler-rt parts as shared libraries
on Linux. Extracted from http://llvm-reviews.chandlerc.com/D3042
by Yuri Gribov.
llvm-svn: 205183
This moves away from creating the symbolizer object and initializing the
external symbolizer as separate steps. Those steps now always take place
together.
Sanitizers with a legacy requirement to specify their own symbolizer path
should use InitSymbolizer to initialize the symbolizer with the desired
path, and GetSymbolizer to access the symbolizer. Sanitizers with no
such requirement (e.g. UBSan) can use GetOrInitSymbolizer with no need for
initialization.
The symbolizer interface has been made thread-safe (as far as I can
tell) by protecting its member functions with mutexes.
Finally, the symbolizer interface no longer relies on weak externals, the
introduction of which was probably a mistake on my part.
Differential Revision: http://llvm-reviews.chandlerc.com/D1985
llvm-svn: 193448
shrink the binary size of the ubsan runtime.
Also fix a bug where long-running processes could eventually trigger a crash in
the runtime by filling up the cache. I've not found a nice way to add a test for
this crasher; ideas welcome.
llvm-svn: 192931
This change adds a Python script that is invoked for
the just-built sanitizer runtime to generate the list of exported symbols
passed to the linker. By default, it contains interceptors and sanitizer
interface functions, but can be extended with tool-specific lists.
llvm-svn: 189356
After r188221, the prefix given by --check-prefix must match with the label
as a whole. Substring is not considered to be a correct label anymore.
llvm-svn: 188227
Now compiler-rt tests run correctly if compiler-rt is checked out into
arbitrary directory (not necessarily projects/compiler-rt).
Patch by Greg Fitzgerald!
llvm-svn: 182726
* libclang_rt-san-* is sanitizer_common, and is linked in only if no other
sanitizer runtime is present.
* libclang_rt-ubsan-* is the piece of the runtime which doesn't depend on
a C++ ABI library, and is always linked in.
* libclang_rt-ubsan_cxx-* is the piece of the runtime which depends on a
C++ ABI library, and is only linked in when linking a C++ binary.
The Darwin ubsan runtime is unchanged.
For more details, see Clang change r177605.
llvm-svn: 177606
Specify weaker memory order in case we optimize for it in the future,
presently still doing same __sync_lock_test_and_set() as before.
Change suggested by Alexey Samsonov, thanks!
llvm-svn: 172429
pointing at the bad location and a snippet of nearby memory values. This is
strictly best-effort; reading these bytes to display the note could lead to a
seg fault, and that's explicitly OK.
llvm-svn: 170415
one out from the return address. Currently, we can only resolve this address to
a file and line number if we have an external symbolizer.
llvm-svn: 170407
If user specifies aborting after a recoverable failed check is
appropriate, frontend should emit call to the _abort variant.
Test this behavior with newly added -fsanitize-recover flag.
llvm-svn: 169113
emulating 128-bit arithmetic on 32-bit x86 targets. This should get the
bootstrap back for GCC 4.6 at least.
Suggestions on better ways to do the detection here are welcome...
llvm-svn: 165863
Alexey Samsonov