Commit Graph

1147 Commits

Author SHA1 Message Date
Peter Collingbourne 1a7488afaa Implement CFI type checks for non-virtual calls.
This uses the same class metadata currently used for virtual call and
cast checks.

The new flag is -fsanitize=cfi-nvcall. For consistency, the -fsanitize=cfi-vptr
flag has been renamed -fsanitize=cfi-vcall.

Differential Revision: http://reviews.llvm.org/D8756

llvm-svn: 233874
2015-04-02 00:23:30 +00:00
Richard Smith 8f4d3ff146 [modules] Restrict the module use-declaration to only appear in top-level
modules, and allow sub-modules of a module with a use-declaration to make use
of the nominated modules.

llvm-svn: 233323
2015-03-26 22:10:01 +00:00
Alexey Samsonov ecf380ef3b [UBSan] Don't allow to use UBSan with anything except for ASan.
We are not able to make a reliable solution for using UBSan together
with other sanitizers with runtime support (and sanitizer_common).
Instead, we want to follow the path used for LSan: have a "standalone"
UBSan tool, and plug-in UBSan that would be explicitly embedded into
specific sanitizers (in short term, it will be only ASan).

llvm-svn: 232829
2015-03-20 18:45:06 +00:00
Reid Kleckner 7ffc3fbb2f C++14: Disable sized deallocation by default due to ABI breakage
There are no widely deployed standard libraries providing sized
deallocation functions, so we have to punt and ask the user if they want
us to use sized deallocation. In the future, when such libraries are
deployed, we can teach the driver to detect them and enable this
feature.

N3536 claimed that a weak thunk from sized to unsized deallocation could
be emitted to avoid breaking backwards compatibility with standard
libraries not providing sized deallocation. However, this approach and
other variations don't work in practice.

With the weak function approach, the thunk has to have default
visibility in order to ensure that it is overridden by other DSOs
providing sized deallocation. Weak, default visibility symbols are
particularly expensive on MachO, so John McCall was considering
disabling this feature by default on Darwin. It also changes behavior
ELF linking behavior, causing certain otherwise unreferenced object
files from an archive to be pulled into the link.

Our second approach was to use an extern_weak function declaration and
do an inline conditional branch at the deletion call site. This doesn't
work because extern_weak only works on MachO if you have some archive
providing the default value of the extern_weak symbol. Arranging to
provide such an archive has the same challenges as providing the symbol
in the standard library. Not to mention that extern_weak doesn't really
work on COFF.

Reviewers: rsmith, rjmccall

Differential Revision: http://reviews.llvm.org/D8467

llvm-svn: 232788
2015-03-20 00:31:07 +00:00
Peter Collingbourne d2926c91d5 Implement bad cast checks using control flow integrity information.
This scheme checks that pointer and lvalue casts are made to an object of
the correct dynamic type; that is, the dynamic type of the object must be
a derived class of the pointee type of the cast. The checks are currently
only introduced where the class being casted to is a polymorphic class.

Differential Revision: http://reviews.llvm.org/D8312

llvm-svn: 232241
2015-03-14 02:42:25 +00:00
Nico Weber bdae5c390c Remove duplicate "the". N+1 redundancy is not useful here.
llvm-svn: 232086
2015-03-12 19:35:34 +00:00
Logan Chien 0d59d603ef [docs] Update the doxygen configuration file.
Update the doxygen configuration file and the Makefile build rules
to provide better output (simply use the default stylesheet and template
from the Doxygen distribution.)

This CL has upgrade doxygen.cfg.in to Doxygen 1.8.6.

llvm-svn: 232066
2015-03-12 17:27:53 +00:00
Logan Chien 6f43a4fa25 [docs] Replace the doxygen qch option properly.
llvm-svn: 232065
2015-03-12 17:27:19 +00:00
Peter Collingbourne 6e7908ddb7 docs: Document byte arrays.
llvm-svn: 231994
2015-03-12 00:30:41 +00:00
David Majnemer f4d9a5a964 MS ABI: Mark 'throw' as implemented in the compatibility doc
llvm-svn: 231953
2015-03-11 18:38:51 +00:00
Ben Langmuir 921f2e6746 Document __has_feature(modules) in LanguageExtensions
Fixes PR18985

Patch by Vassil Vassilev!

llvm-svn: 231789
2015-03-10 14:39:26 +00:00
Alexey Samsonov 21d2dda3d2 [UBSan] Split -fsanitize=shift into -fsanitize=shift-base and -fsanitize=shift-exponent.
This is a recommit of r231150, reverted in r231409. Turns out
that -fsanitize=shift-base check implementation only works if the
shift exponent is valid, otherwise it contains undefined behavior
itself.

Make sure we check that exponent is valid before we proceed to
check the base. Make sure that we actually report invalid values
of base or exponent if -fsanitize=shift-base or
-fsanitize=shift-exponent is specified, respectively.

llvm-svn: 231711
2015-03-09 21:50:19 +00:00
Benjamin Kramer 57dd9bd5cc ASTMatchers: Make AST_POLYMORPHIC_SUPPORTED_TYPES a variadic macro
C++11 finally allows us to use this C99 feature.

llvm-svn: 231575
2015-03-07 20:38:15 +00:00
Alexey Samsonov 48a9db034a Revert "[UBSan] Split -fsanitize=shift into -fsanitize=shift-base and -fsanitize=shift-exponent."
It's not that easy. If we're only checking -fsanitize=shift-base we
still need to verify that exponent has sane value, otherwise
UBSan-inserted checks for base will contain undefined behavior
themselves.

llvm-svn: 231409
2015-03-05 21:57:35 +00:00
Alexey Samsonov 783b8174ad [UBSan] Split -fsanitize=shift into -fsanitize=shift-base and -fsanitize=shift-exponent.
-fsanitize=shift is now a group that includes both these checks, so
exisiting users should not be affected.

This change introduces two new UBSan kinds that sanitize only left-hand
side and right-hand side of shift operation. In practice, invalid
exponent value (negative or too large) tends to cause more portability
problems, including inconsistencies between different compilers, crashes
and inadequeate results on non-x86 architectures etc. That is,
-fsanitize=shift-exponent failures should generally be addressed first.

As a bonus, this change simplifies CodeGen implementation for emitting left
shift (separate checks for base and exponent are now merged by the
existing generic logic in EmitCheck()), and LLVM IR for these checks
(the number of basic blocks is reduced).

llvm-svn: 231150
2015-03-03 22:15:35 +00:00
Evgeniy Stepanov 6e09bca0ef [msan] Change track-origins default mode from 1 to 2.
Change -fsanitize-memory-track-origins to be equivalent to
-fsanitize-memory-track-origins=2.

Track-origins=2 provides a lot more detailed reports at the cost of
some additional slowdown (ranging from none to, sometimes, 3x; ~3% average on
SPEC2006).

llvm-svn: 230644
2015-02-26 15:59:30 +00:00
Peter Collingbourne 4b0924dad6 docs: Document CFI padding and all-ones optimizations. Link to viewvc.
llvm-svn: 230588
2015-02-26 00:18:04 +00:00
Ben Langmuir 443aa4b4b0 Allow (Object *)kMyGlobalCFObj casts without bridging
Previously we allowed these casts only for constants declared in system
headers, which we assume are retain/release-neutral. Now also allow them
for constants in user headers, treating them as +0.  Practically, this
means that we will now allow:
id x = (id)kMyGlobalConst;

But unlike with system headers we cannot mix them with +1 values:
id y = (id)(b ? kMyGlobalConst : [Obj newValAtPlusOne]); // error
id z = (id)(b ? kSystemGlobalConst: [Obj newValAtPlusOne]); // OK

Thanks to John for suggesting this improvement.

llvm-svn: 230534
2015-02-25 20:09:06 +00:00
Peter Collingbourne 03054d489e docs: Document optimizations in control flow integrity design doc.
llvm-svn: 230458
2015-02-25 03:35:03 +00:00
Adrian Prantl cbc368c5b5 Revert "Wrap clang module files in a Mach-O, ELF, or COFF container."
llvm-svn: 230454
2015-02-25 02:44:04 +00:00
Adrian Prantl 8bf7af3de8 Wrap clang module files in a Mach-O, ELF, or COFF container.
This is a necessary prerequisite for debugging with modules.
The .pcm files become containers that hold the serialized AST which allows
us to store debug information in the module file that can be shared by all
object files that were built importing the module.

This reapplies r230044 with a fixed configure+make build and updated
dependencies and testcase requirements. Over the last iteration this
version adds
- missing target requirements for testcases that specify an x86 triple,
- a missing clangCodeGen.a dependency to libClang.a in the make build.

rdar://problem/19104245

llvm-svn: 230423
2015-02-25 01:31:45 +00:00
Adrian Prantl a39924a1f8 Revert "Wrap clang module files in a Mach-O, ELF, or COFF container."
This reverts commit r230305.
Off to fix another round of missing dependencies on various platforms.

llvm-svn: 230309
2015-02-24 05:14:17 +00:00
Adrian Prantl fc360dc30b Wrap clang module files in a Mach-O, ELF, or COFF container.
This is a necessary prerequisite for debugging with modules.
The .pcm files become containers that hold the serialized AST which allows
us to store debug information in the module file that can be shared by all
object files that were built importing the module.

rdar://problem/19104245

This reapplies r230044 with a fixed configure+make build and updated
dependencies. Take 3.

llvm-svn: 230305
2015-02-24 04:25:59 +00:00
Peter Collingbourne 0100e6c08c CFI: Improve design doc with larger virtual tables and asm examples.
llvm-svn: 230254
2015-02-23 20:22:17 +00:00
Adrian Prantl 67fbfa3773 Revert "Wrap clang module files in a Mach-O, ELF, or COFF container."
This reverts commit 230099.

The Linux configure+make build variant still needs some work.

llvm-svn: 230103
2015-02-21 00:29:14 +00:00
Adrian Prantl f2b0cd91eb Wrap clang module files in a Mach-O, ELF, or COFF container.
This is a necessary prerequisite for debugging with modules.
The .pcm files become containers that hold the serialized AST which allows
us to store debug information in the module file that can be shared by all
object files that were built importing the module.

rdar://problem/19104245

This reapplies r230044 with a fixed configure+make build and updated
dependencies. Take 2.

llvm-svn: 230089
2015-02-20 23:34:26 +00:00
Adrian Prantl 690b2f7746 Revert "Wrap clang module files in a Mach-O, ELF, or COFF container."
This reverts commit r230067.

Investigating another batch of problems found by the bots.

llvm-svn: 230073
2015-02-20 22:12:19 +00:00
Adrian Prantl b59bc1a528 Wrap clang module files in a Mach-O, ELF, or COFF container.
This is a necessary prerequisite for debugging with modules.
The .pcm files become containers that hold the serialized AST which allows
us to store debug information in the module file that can be shared by all
object files that were built importing the module.

rdar://problem/19104245

This reapplies r230044 with a fixed configure+make build and updated
dependencies.

llvm-svn: 230067
2015-02-20 21:53:12 +00:00
Peter Collingbourne a4ccff3281 Implement Control Flow Integrity for virtual calls.
This patch introduces the -fsanitize=cfi-vptr flag, which enables a control
flow integrity scheme that checks that virtual calls take place using a vptr of
the correct dynamic type. More details in the new docs/ControlFlowIntegrity.rst
file.

It also introduces the -fsanitize=cfi flag, which is currently a synonym for
-fsanitize=cfi-vptr, but will eventually cover all CFI checks implemented
in Clang.

Differential Revision: http://reviews.llvm.org/D7424

llvm-svn: 230055
2015-02-20 20:30:56 +00:00
Adrian Prantl a4f522fa19 Revert "Wrap clang module files in a Mach-O, ELF, or COFF container."
This reverts commit r230044 while dealing with buildbot breakage.

Conflicts:
	test/Modules/module_container.m

llvm-svn: 230052
2015-02-20 20:00:27 +00:00
Adrian Prantl c4091aa74e Wrap clang module files in a Mach-O, ELF, or COFF container.
This is a necessary prerequisite for debugging with modules.
The .pcm files become containers that hold the serialized AST which allows
us to store debug information in the module file that can be shared by all
object files that were built importing the module.

rdar://problem/19104245

llvm-svn: 230044
2015-02-20 19:44:52 +00:00
Manuel Klimek d2e8b04d61 Add -fno-implicit-modules.
If this flag is set, we error out when a module build is required. This is
useful in environments where all required modules are passed via -fmodule-file.

llvm-svn: 230006
2015-02-20 11:44:41 +00:00
Alexey Samsonov 3a433f62fb [docs] Recommend to use CMake for building sanitizers.
llvm-svn: 229754
2015-02-18 22:26:20 +00:00
Matthias Braun 44bf1c9c53 Revert "Remove support for building sanitizers from Makefile/autoconf build."
This reverts commit r229554.

Reverting this commit for now as several apple internal builds still
rely on this functionality.

llvm-svn: 229582
2015-02-17 23:27:37 +00:00
Alexey Samsonov 883a04ade7 Remove support for building sanitizers from Makefile/autoconf build.
They autotools build has a number of missing features, supports less
OS, architectures, build configurations, doesn't have any tests and
is hard to support in sync with CMake build.

llvm-svn: 229554
2015-02-17 21:53:22 +00:00
Alex Denisov 793e0676f0 Fix amount of diagnostic classes
llvm-svn: 228814
2015-02-11 07:56:16 +00:00
Samuel Benzaquen ef621f43ff Add translationUnitDecl matcher.
Summary: Add translationUnitDecl matcher.

Reviewers: alexfh

Subscribers: klimek, cfe-commits

Differential Revision: http://reviews.llvm.org/D7512

llvm-svn: 228694
2015-02-10 14:46:45 +00:00
Yaron Keren 08ee9c803d Replace DeclContext::getNextContext with DeclContext::collectAllContexts
in the Clang CFE Internals Manual (done in r147729).

llvm-svn: 228510
2015-02-07 22:16:16 +00:00
Reid Kleckner ee15ea3560 Fix broken doc link to Clang 3.5 release notes
We appear to use 3.5.0 in the directory structure now. That's probably
unnecessary. We should probably let the micro releases update the docs
for the same minor version.

llvm-svn: 227127
2015-01-26 19:53:16 +00:00
Evgeniy Stepanov 5e927b6285 [msan] Remove MSanDR reference from the manual.
It is no longer supported.

llvm-svn: 227078
2015-01-26 09:17:37 +00:00
Hans Wennborg fb8b408ba0 docs/conf.py: update for 3.7
llvm-svn: 226010
2015-01-14 18:14:05 +00:00
Hans Wennborg 0a7ec77ee0 ReleaseNotes.rst: update to 3.7
The 3.6 release notes are in the 3.6 branch.

llvm-svn: 226009
2015-01-14 18:14:03 +00:00
Roman Divacky ed94e2f455 Mention FreeBSD support.
llvm-svn: 225834
2015-01-13 21:31:03 +00:00
Alexey Samsonov 8845952b54 Reimplement -fsanitize-recover family of flags.
Introduce the following -fsanitize-recover flags:
  - -fsanitize-recover=<list>: Enable recovery for selected checks or
      group of checks. It is forbidden to explicitly list unrecoverable
      sanitizers here (that is, "address", "unreachable", "return").
  - -fno-sanitize-recover=<list>: Disable recovery for selected checks or
     group of checks.
  - -f(no-)?sanitize-recover is now a synonym for
    -f(no-)?sanitize-recover=undefined,integer and will soon be deprecated.

These flags are parsed left to right, and mask of "recoverable"
sanitizer is updated accordingly, much like what we do for -fsanitize= flags.
-fsanitize= and -fsanitize-recover= flag families are independent.

CodeGen change: If there is a single UBSan handler function, responsible
for implementing multiple checks, which have different recoverable setting,
then we emit two handler calls instead of one:
the first one for the set of "unrecoverable" checks, another one - for
set of "recoverable" checks. If all checks implemented by a handler have the
same recoverability setting, then the generated code will be the same.

llvm-svn: 225719
2015-01-12 22:39:12 +00:00
Nico Weber a894e9e070 Fix markup from r224894.
llvm-svn: 224895
2014-12-28 02:12:59 +00:00
Nico Weber 933607f10e Add stub sections about Parse, Sema, CodeGen to the internals manual.
I'd be interested if the paragraph on Parse not knowing much about AST is
something folks agree with.  I think this used to be true after rjmccall removed
the Action interface in r112244 and I believe it's still true, but I'm not sure.
(For example, ParseOpenMP.cpp does include AST/StmtOpenMP.h.  Other than that,
Parse not using AST nodes much seems to be still true, though.)

llvm-svn: 224894
2014-12-28 02:07:26 +00:00
Aaron Ballman 4bfaeba6a9 Amending r223468 with this documentation change.
llvm-svn: 223479
2014-12-05 17:11:49 +00:00
Aaron Ballman a6f759e423 Modify __has_attribute so that it only looks for GNU-style attributes. Removes the ability to look for generic attributes and keywords via this macro, which has the potential to be a breaking change. However, since there is __has_cpp_attribute and __has_declspec_attribute, and given the limited usefulness of querying a generic attribute name regardless of syntax, this seems like the correct path forward.
llvm-svn: 223468
2014-12-05 15:24:55 +00:00
Aaron Ballman 3c0f9b4a7d Added a new preprocessor macro: __has_declspec_attribute. This can be used as a way to determine whether Clang supports a __declspec spelling for a given attribute, similar to __has_attribute and __has_cpp_attribute.
llvm-svn: 223467
2014-12-05 15:05:29 +00:00
Nico Weber 736a993828 Add support for has_feature(cxx_alignof) and has_feature(c_alignof).
r142020 added support for has_feature(cxx_alignas). This does the same for
alignof.

llvm-svn: 223186
2014-12-03 01:25:49 +00:00