Commit Graph

33 Commits

Author SHA1 Message Date
Peter Collingbourne 1db3a448b5 CFI: Add diagnostic handler and tests for indirect call checker.
Differential Revision: http://reviews.llvm.org/D11858

llvm-svn: 247239
2015-09-10 02:18:02 +00:00
Alexey Samsonov f3b9c895fa [UBSan] Add the ability to print more precise error kind in summary line.
Reviewers: rsmith, pcc

Subscribers: cfe-commits

Differential Revision: http://reviews.llvm.org/D12215

llvm-svn: 245897
2015-08-24 23:18:49 +00:00
Filipe Cabecinhas 7317de6c15 [compiler-rt] Add SourceLocations for float_cast_overflow data.
Summary:
Compiler-rt part of http://reviews.llvm.org/D11757
I ended up making UBSan work with both the old version and the new
version of the float_cast_overflow data (instead of just erroring with
the previous version). The old version will try to symbolize its caller.

Now we compile the float_cast_overflow tests without -g, and make sure
we have the source file+line+column.

If you think I'm trying too hard to make sure we can still use both
versions, let me know.

Reviewers: samsonov, rsmith

Subscribers: llvm-commits

Differential Revision: http://reviews.llvm.org/D11793

llvm-svn: 244567
2015-08-11 04:19:24 +00:00
Alexey Samsonov 0781e98cc7 [UBSan] Explicitly list all supported OS/arch pairs supported by UBSan.
llvm-svn: 233295
2015-03-26 17:26:04 +00:00
Alexey Samsonov 8812e73c63 [UBSan] Allow UBSan location to store frames returned by symbolizer.
Summary:
__ubsan::getFunctionLocation() used to issue a call to symbolizer, and
convert the result (SymbolizedStack) to one of UBSan structures:
SourceLocation, ModuleLocation or MemoryLocation. This:
(1) is inefficient: we do an extra allocation/deallocation to copy data,
while we can instead can just pass SymbolizedStack around (which
contains all the necessary data).
(2) leaks memory: strings stored in SourceLocation/MemoryLocation are
never deallocated, and Filipe Cabecinhas suggests this causes crashes
of UBSan-ified programs in the wild.

Instead, let Location store a pointer to SymbolizedStack object, and
make sure it's properly deallocated when UBSan handler exits.

ModuleLocation is made obsolete by this change, and is deleted.

Test Plan: check-ubsan test suite

Reviewers: rsmith, filcab

Subscribers: llvm-commits

Differential Revision: http://reviews.llvm.org/D7548

llvm-svn: 228869
2015-02-11 19:45:07 +00:00
Alexey Samsonov fa8b3db54b [UBSan] Add report deduplication for -fsanitize=function.
Summary:
Make sure we don't print the error report from -fsanitize=function
twice for the same source location, as we do in another UBSan handlers.

Test Plan: check-ubsan test suite

Reviewers: rsmith, pcc

Reviewed By: pcc

Subscribers: llvm-commits

Differential Revision: http://reviews.llvm.org/D7524

llvm-svn: 228772
2015-02-11 00:05:31 +00:00
Alexey Samsonov 1923595b4f [UBSan] Reduce the number of getCallerLocation() calls.
getCallerLocation() is expensive as it issues a call to symbolizer.
(In fact, this function has a memory leak at the moment, but this
will be fixed in the nearest future). We should only call it if
we're actually going to print an error report, in particular,
once for every reported source location.

__ubsan_handle_type_mismatch: call getCallerLocation() only if
provided source location is invalid, and only if the report is not
deduplicated.

__ubsan_handle_float_cast_overflow: call getSourceLocation with
correct CallerPC (the one in user code, not in UBSan handler). Source
location for this check is not currently emitted by frontend.

llvm-svn: 228732
2015-02-10 19:50:20 +00:00
Alexey Samsonov eb47d8a2c8 Sanitize upcasts and conversion to virtual base.
This change adds UBSan check to upcasts. Namely, when we
perform derived-to-base conversion, we:
1) check that the pointer-to-derived has suitable alignment
   and underlying storage, if this pointer is non-null.
2) if vptr-sanitizer is enabled, and we perform conversion to
   virtual base, we check that pointer-to-derived has a matching vptr.

llvm-svn: 219642
2014-10-13 23:59:00 +00:00
Alexey Samsonov 760750c44f [UBSan] Optionally report summary in UBSan error reports.
By default summary is not printed if UBSan is run in a standalone mode,
but is printed if it's combined with another sanitizer (like ASan).

llvm-svn: 218135
2014-09-19 18:33:45 +00:00
Alexey Samsonov 7f0f17b3fb [UBSan] Add noinline attribute to handlers that should never return.
FIx a problem reported by Jakub Jelinek: don't do early-exit from fatal
UBSan handlers: even if source location is disabled (i.e. acquired by
some other thread), we should continue the execution to make sure that:
a) some thread will print the error report before calling Die().
b) handler marked as noreturn will indeed not return.

Explicitly add "Die()" calls at the end of all fatal handlers to be
sure UBSan handlers don't introduce UB themselves.

llvm-svn: 217542
2014-09-10 20:43:36 +00:00
Alexey Samsonov 90452df7b1 Report source location of returns_nonnull attribute in UBSan reports.
llvm-svn: 217400
2014-09-08 20:17:19 +00:00
Alexey Samsonov 8e1162c71d Implement nonnull-attribute sanitizer
Summary:
This patch implements a new UBSan check, which verifies
that function arguments declared to be nonnull with __attribute__((nonnull))
are actually nonnull in runtime.

To implement this check, we pass FunctionDecl to CodeGenFunction::EmitCallArgs
(where applicable) and if function declaration has nonnull attribute specified
for a certain formal parameter, we compare the corresponding RValue to null as
soon as it's calculated.

Test Plan: regression test suite

Reviewers: rsmith

Reviewed By: rsmith

Subscribers: cfe-commits, rnk

Differential Revision: http://reviews.llvm.org/D5082

llvm-svn: 217389
2014-09-08 17:22:45 +00:00
Alexey Samsonov 2ccbc621df [UBSan] Add support for printing backtraces to all UBSan handlers
llvm-svn: 216289
2014-08-22 21:42:04 +00:00
Alexey Samsonov de443c5002 [UBSan] Add returns-nonnull sanitizer.
Summary:
This patch adds a runtime check verifying that functions
annotated with "returns_nonnull" attribute do in fact return nonnull pointers.
It is based on suggestion by Jakub Jelinek:
http://lists.cs.uiuc.edu/pipermail/llvm-commits/Week-of-Mon-20140623/223693.html.

Test Plan: regression test suite

Reviewers: rsmith

Reviewed By: rsmith

Subscribers: cfe-commits

Differential Revision: http://reviews.llvm.org/D4849

llvm-svn: 215485
2014-08-13 00:26:40 +00:00
Alexey Samsonov 96591cd1f1 [UBSan] Introduce ScopedReport object.
This object is used to encapsulate all actions that need to be
done before/after printing UBSan diagnostics. Currently these
actions are:
* locking a mutex to ensure that UBSan diagnostics from several
threads won't mix with each other and with other sanitizers' 
reports
* killing a program once the report is printed (if necessary).

Use this object in all UBSan handlers. Unify the way we implement
fatal and non-fatal handlers by making all the handlers simple
one-liners that redirect __ubsan_handle_foo(_abort)? to
handleFooImpl().

llvm-svn: 214279
2014-07-30 01:49:19 +00:00
Peter Collingbourne 90a0876ae7 Runtime support for the indirect function call checker.
Differential Revision: http://llvm-reviews.chandlerc.com/D1339

llvm-svn: 193060
2013-10-20 21:29:46 +00:00
Nick Lewycky b7aa592c19 Make the InvalidValueData take a SourceLocation.
llvm-svn: 191807
2013-10-02 02:29:47 +00:00
Richard Smith 0404ec8396 ubsan: Runtime handlers for array indexing checks.
llvm-svn: 175948
2013-02-23 02:40:07 +00:00
Richard Smith 6d9f13127c ubsan: Add checking for invalid downcasts. Per [expr.static.cast]p2 and p11,
base-to-derived casts have undefined behavior if the object is not actually an
instance of the derived type. Runtime library part.

llvm-svn: 175079
2013-02-13 21:18:23 +00:00
Will Dietz 765c266892 [ubsan] Add deduplication functionality, always enabled.
llvm-svn: 171948
2013-01-09 03:40:03 +00:00
Will Dietz 82f61bf4b6 [ubsan] Don't suggest casting to unsigned for unsigned unary minus overflow.
Fixed version of r171273.

llvm-svn: 171278
2012-12-31 06:36:44 +00:00
Chandler Carruth 5f8061bc36 Revert r171273 which doesn't actually compile.
Original commit message:
[ubsan] Don't suggest casting to unsigned for unsigned unary minus overflow.

llvm-svn: 171277
2012-12-31 06:16:47 +00:00
Will Dietz d6cd3203f6 [ubsan] Don't suggest casting to unsigned for unsigned unary minus overflow.
llvm-svn: 171273
2012-12-31 02:20:55 +00:00
Richard Smith cf56ebd52a ubsan: When diagnosing something wrong somewhere in memory, emit a note
pointing at the bad location and a snippet of nearby memory values. This is
strictly best-effort; reading these bytes to display the note could lead to a
seg fault, and that's explicitly OK.

llvm-svn: 170415
2012-12-18 06:30:32 +00:00
Richard Smith 52987120f9 ubsan: if the frontend didn't provide us with a source location, try to work
one out from the return address. Currently, we can only resolve this address to
a file and line number if we have an external symbolizer.

llvm-svn: 170407
2012-12-18 04:23:18 +00:00
Richard Smith 32952215b6 ubsan: Add -fsanitize=bool and -fsanitize=enum, which check for loads of
bit-patterns which are not valid values for enumerated or boolean types.
These checks are the ubsan analogue of !range metadata.

llvm-svn: 170107
2012-12-13 07:00:14 +00:00
Will Dietz 2c36c71f5b [ubsan] Refactor handlers to have separate entry points for aborting.
If user specifies aborting after a recoverable failed check is
appropriate, frontend should emit call to the _abort variant.

Test this behavior with newly added -fsanitize-recover flag.

llvm-svn: 169113
2012-12-02 19:47:29 +00:00
Will Dietz 2631aaf939 ubsan: Support unsigned overflows, and divide-by-zero int/float split.
llvm-svn: 168700
2012-11-27 15:01:43 +00:00
Richard Smith 05dce7e644 -fsanitize=undefined: Switch to using sanitizer_common for output. This gets us much closer to not depending on any system headers.
llvm-svn: 167888
2012-11-13 23:42:05 +00:00
Richard Smith 2f0d7d564c -fcatch-undefined-behavior checking for appropriate vptr value: library side.
llvm-svn: 166660
2012-10-25 02:07:02 +00:00
Richard Smith 7247b23efc -fcatch-undefined-behavior: Runtime library support for trapping conversions to or
from a floating-point type where the source value is not in the range of
representable values of the destination type.

llvm-svn: 165844
2012-10-12 22:57:15 +00:00
Richard Smith 22cc16462e -fcatch-undefined-behavior: handler for VLA bound which evaluates to a non-positive value.
llvm-svn: 165582
2012-10-10 01:10:59 +00:00
Richard Smith 68b3014cd3 Add a runtime diagnostics library for Clang's -fcatch-undefined-behavior.
llvm-svn: 165533
2012-10-09 19:34:32 +00:00