Commit Graph

11 Commits

Author SHA1 Message Date
Roman Lebedev 3dd5a298bf
[clang] Annotating C++'s `operator new` with more attributes
Summary:
Right now we annotate C++'s `operator new` with `noalias` attribute,
which very much is healthy for optimizations.

However as per [[ http://eel.is/c++draft/basic.stc.dynamic.allocation | `[basic.stc.dynamic.allocation]` ]],
there are more promises on global `operator new`, namely:
* non-`std::nothrow_t` `operator new` *never* returns `nullptr`
* If `std::align_val_t align` parameter is taken, the pointer will also be `align`-aligned
* ~~global `operator new`-returned pointer is `__STDCPP_DEFAULT_NEW_ALIGNMENT__`-aligned ~~ It's more caveated than that.

Supplying this information may not cause immediate landslide effects
on any specific benchmarks, but it for sure will be healthy for optimizer
in the sense that the IR will better reflect the guarantees provided in the source code.

The caveat is `-fno-assume-sane-operator-new`, which currently prevents emitting `noalias`
attribute, and is automatically passed by Sanitizers ([[ https://bugs.llvm.org/show_bug.cgi?id=16386 | PR16386 ]]) - should it also cover these attributes?
The problem is that the flag is back-end-specific, as seen in `test/Modules/explicit-build-flags.cpp`.
But while it is okay to add `noalias` metadata in backend, we really should be adding at least
the alignment metadata to the AST, since that allows us to perform sema checks on it.

Reviewers: erichkeane, rjmccall, jdoerfert, eugenis, rsmith

Reviewed By: rsmith

Subscribers: xbolva00, jrtc27, atanasyan, nlopes, cfe-commits

Tags: #llvm, #clang

Differential Revision: https://reviews.llvm.org/D73380
2020-02-26 01:37:17 +03:00
Richard Smith 351241c83e Replace Sema-level implementation of -fassume-sane-operator-new with a
CodeGen-level implementation. Instead of adding an attribute to clang's
FunctionDecl, add the IR attribute directly. This means a module built with
this flag is now compatible with code built without it and vice versa.

This change also results in the 'noalias' attribute no longer being added to
calls to operator new in the IR; it's now only added to the declaration. It
also fixes a bug where we failed to add the attribute to the 'nothrow' versions
(because we didn't implicitly declare them, there was no good time to inject a
fake attribute).

llvm-svn: 265728
2016-04-07 21:46:12 +00:00
Aaron Ballman 455f42c9e8 Reverting r216675. This breaks some bots. Before this can be committed again, I have to explore runtime ABI requirements with libc++abi.
llvm-svn: 216677
2014-08-28 17:24:14 +00:00
Aaron Ballman 33375375a4 Throw a std::bad_array_new_length exception when the expression (or constant-expression) passed to operator new[] results in overflow in conformance with [expr.new]p7. Fixes PR11644.
llvm-svn: 216675
2014-08-28 16:48:44 +00:00
John McCall 8ed55a54fd Abstract IR generation of array cookies into the C++ ABI class and
implement ARM array cookies.  Also fix a few unfortunate bugs:
  - throwing dtors in deletes prevented the allocation from being deleted
  - adding the cookie to the new[] size was not being considered for
    overflow (and, more seriously, was screwing up the earlier checks)
  - deleting an array via a pointer to array of class type was not
    causing any destructors to be run and was passing the unadjusted
    pointer to the deallocator
  - lots of address-space problems, in case anyone wants to support
    free store in a variant address space :)

llvm-svn: 112814
2010-09-02 09:58:18 +00:00
Chris Lattner 94027202e0 don't demand names to be on IR.
llvm-svn: 108937
2010-07-20 21:34:36 +00:00
Chris Lattner f2f3870189 Follow the implementation approach suggested by PR6687,
which generates more efficient and more obviously conformant
code.  We now test for overflow of the multiply then force
the result to -1 if so.  On X86, this generates nice code
like this:

__Z4testl:                              ## @_Z4testl
## BB#0:                                ## %entry
	subl	$12, %esp
	movl	$4, %eax
	mull	16(%esp)
	testl	%edx, %edx
	movl	$-1, %ecx
	cmovel	%eax, %ecx
	movl	%ecx, (%esp)
	call	__Znam
	addl	$12, %esp
	ret

llvm-svn: 108927
2010-07-20 21:07:09 +00:00
Chris Lattner 26008e07de implement rdar://5739832 - operator new should check for overflow in multiply,
causing clang to compile this code into something that correctly throws a
length error, fixing a potential integer overflow security attack:

void *test(long N) {
  return new int[N];
}

int main() {
  test(1L << 62);
}

We do this even when exceptions are disabled, because it is better for the
code to abort than for the attack to succeed.

This is heavily based on a patch that Fariborz wrote.

llvm-svn: 108915
2010-07-20 20:19:24 +00:00
John McCall 3155f573f5 Turn access control on by default in -cc1.
Remove -faccess-control from -cc1; add -fno-access-control.
Make the driver pass -fno-access-control by default.
Update a bunch of tests to be correct under access control.

llvm-svn: 100880
2010-04-09 19:03:51 +00:00
Nuno Lopes 641fdce235 revert part of my last patch, and mark only the c++ global new operator as noalias. the rest will be infered by llvm optz
llvm-svn: 91600
2009-12-17 10:15:49 +00:00
Nuno Lopes 13c88c7269 implement PR5654: add -fassume-sane-operator-new, which is enabled by default, and adds the malloc attribute to the global function new() and to the overloaded new operators.
feel free to chage the name to this lengthy argument

llvm-svn: 91543
2009-12-16 16:59:22 +00:00