From: Richard Smith Date: Tue, 22 Oct 2013 22:51:04 +0000 (+0000) Subject: Split -fsanitize=bounds to -fsanitize=array-bounds (for the frontend-inserted X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=69170e6e41e72c84fe5303540c1aa7ca9944ff18;p=clang Split -fsanitize=bounds to -fsanitize=array-bounds (for the frontend-inserted check using the ubsan runtime) and -fsanitize=local-bounds (for the middle-end check which inserts traps). Remove -fsanitize=local-bounds from -fsanitize=undefined. It does not produce useful diagnostics and has false positives (PR17635), and is not a good compromise position between UBSan's checks and ASan's checks. Map -fbounds-checking to -fsanitize=local-bounds to restore Clang's historical behavior for that flag. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@193205 91177308-0d34-0410-b5e6-96231b3b80d8 --- diff --git a/include/clang/Basic/Sanitizers.def b/include/clang/Basic/Sanitizers.def index a889b9ad4f..c9b31a39aa 100644 --- a/include/clang/Basic/Sanitizers.def +++ b/include/clang/Basic/Sanitizers.def @@ -59,8 +59,8 @@ SANITIZER("leak", Leak) // UndefinedBehaviorSanitizer SANITIZER("alignment", Alignment) +SANITIZER("array-bounds", ArrayBounds) SANITIZER("bool", Bool) -SANITIZER("bounds", Bounds) SANITIZER("enum", Enum) SANITIZER("float-cast-overflow", FloatCastOverflow) SANITIZER("float-divide-by-zero", FloatDivideByZero) @@ -84,7 +84,7 @@ SANITIZER("dataflow", DataFlow) // -fsanitize=undefined includes all the sanitizers which have low overhead, no // ABI or address space layout implications, and only catch undefined behavior. SANITIZER_GROUP("undefined", Undefined, - Alignment | Bool | Bounds | Enum | FloatCastOverflow | + Alignment | Bool | ArrayBounds | Enum | FloatCastOverflow | FloatDivideByZero | Function | IntegerDivideByZero | Null | ObjectSize | Return | Shift | SignedIntegerOverflow | Unreachable | VLABound | Vptr) @@ -94,7 +94,7 @@ SANITIZER_GROUP("undefined", Undefined, // runtime support. This group is generally used in conjunction with the // -fsanitize-undefined-trap-on-error flag. SANITIZER_GROUP("undefined-trap", UndefinedTrap, - Alignment | Bool | Bounds | Enum | FloatCastOverflow | + Alignment | Bool | ArrayBounds | Enum | FloatCastOverflow | FloatDivideByZero | IntegerDivideByZero | Null | ObjectSize | Return | Shift | SignedIntegerOverflow | Unreachable | VLABound) @@ -103,5 +103,9 @@ SANITIZER_GROUP("integer", Integer, SignedIntegerOverflow | UnsignedIntegerOverflow | Shift | IntegerDivideByZero) +// -fbounds-checking +SANITIZER("local-bounds", LocalBounds) +SANITIZER_GROUP("bounds", Bounds, ArrayBounds | LocalBounds) + #undef SANITIZER #undef SANITIZER_GROUP diff --git a/lib/CodeGen/BackendUtil.cpp b/lib/CodeGen/BackendUtil.cpp index 9943287adf..7a62e4e195 100644 --- a/lib/CodeGen/BackendUtil.cpp +++ b/lib/CodeGen/BackendUtil.cpp @@ -245,7 +245,7 @@ void EmitAssemblyHelper::CreatePasses(TargetMachine *TM) { addObjCARCOptPass); } - if (LangOpts.Sanitize.Bounds) { + if (LangOpts.Sanitize.LocalBounds) { PMBuilder.addExtension(PassManagerBuilder::EP_ScalarOptimizerLate, addBoundsCheckingPass); PMBuilder.addExtension(PassManagerBuilder::EP_EnabledOnOptLevel0, diff --git a/lib/CodeGen/CGExpr.cpp b/lib/CodeGen/CGExpr.cpp index 4397c2dabe..221d132ee0 100644 --- a/lib/CodeGen/CGExpr.cpp +++ b/lib/CodeGen/CGExpr.cpp @@ -641,7 +641,8 @@ static llvm::Value *getArrayIndexingBound( void CodeGenFunction::EmitBoundsCheck(const Expr *E, const Expr *Base, llvm::Value *Index, QualType IndexType, bool Accessed) { - assert(SanOpts->Bounds && "should not be called unless adding bounds checks"); + assert(SanOpts->ArrayBounds && + "should not be called unless adding bounds checks"); QualType IndexedType; llvm::Value *Bound = getArrayIndexingBound(*this, Base, IndexedType); @@ -742,7 +743,7 @@ LValue CodeGenFunction::EmitUnsupportedLValue(const Expr *E, LValue CodeGenFunction::EmitCheckedLValue(const Expr *E, TypeCheckKind TCK) { LValue LV; - if (SanOpts->Bounds && isa(E)) + if (SanOpts->ArrayBounds && isa(E)) LV = EmitArraySubscriptExpr(cast(E), /*Accessed*/true); else LV = EmitLValue(E); @@ -2233,7 +2234,7 @@ LValue CodeGenFunction::EmitArraySubscriptExpr(const ArraySubscriptExpr *E, QualType IdxTy = E->getIdx()->getType(); bool IdxSigned = IdxTy->isSignedIntegerOrEnumerationType(); - if (SanOpts->Bounds) + if (SanOpts->ArrayBounds) EmitBoundsCheck(E, E->getBase(), Idx, IdxTy, Accessed); // If the base is a vector type, then we are forming a vector element lvalue diff --git a/lib/CodeGen/CGExprScalar.cpp b/lib/CodeGen/CGExprScalar.cpp index 074fc76616..f3fd60498c 100644 --- a/lib/CodeGen/CGExprScalar.cpp +++ b/lib/CodeGen/CGExprScalar.cpp @@ -1073,7 +1073,7 @@ Value *ScalarExprEmitter::VisitArraySubscriptExpr(ArraySubscriptExpr *E) { Value *Idx = Visit(E->getIdx()); QualType IdxTy = E->getIdx()->getType(); - if (CGF.SanOpts->Bounds) + if (CGF.SanOpts->ArrayBounds) CGF.EmitBoundsCheck(E, E->getBase(), Idx, IdxTy, /*Accessed*/true); bool IdxSigned = IdxTy->isSignedIntegerOrEnumerationType(); @@ -2314,7 +2314,7 @@ static Value *emitPointerArithmetic(CodeGenFunction &CGF, if (isSubtraction) index = CGF.Builder.CreateNeg(index, "idx.neg"); - if (CGF.SanOpts->Bounds) + if (CGF.SanOpts->ArrayBounds) CGF.EmitBoundsCheck(op.E, pointerOperand, index, indexOperand->getType(), /*Accessed*/ false); diff --git a/lib/Driver/SanitizerArgs.cpp b/lib/Driver/SanitizerArgs.cpp index 6a91998576..8c9baa7714 100644 --- a/lib/Driver/SanitizerArgs.cpp +++ b/lib/Driver/SanitizerArgs.cpp @@ -256,8 +256,8 @@ bool SanitizerArgs::parse(const Driver &D, const llvm::opt::ArgList &Args, "-fsanitize=undefined-trap -fsanitize-undefined-trap-on-error"; } else if (A->getOption().matches(options::OPT_fbounds_checking) || A->getOption().matches(options::OPT_fbounds_checking_EQ)) { - Add = Bounds; - DeprecatedReplacement = "-fsanitize=bounds"; + Add = LocalBounds; + DeprecatedReplacement = "-fsanitize=local-bounds"; } else if (A->getOption().matches(options::OPT_fsanitize_EQ)) { Add = parse(D, A, DiagnoseErrors); } else if (A->getOption().matches(options::OPT_fno_sanitize_EQ)) { diff --git a/test/CodeGen/bounds-checking.c b/test/CodeGen/bounds-checking.c index fa7541f814..d93cd3ede7 100644 --- a/test/CodeGen/bounds-checking.c +++ b/test/CodeGen/bounds-checking.c @@ -1,26 +1,29 @@ -// RUN: %clang_cc1 -fsanitize=bounds -emit-llvm -triple x86_64-apple-darwin10 < %s | FileCheck %s +// RUN: %clang_cc1 -fsanitize=local-bounds -emit-llvm -triple x86_64-apple-darwin10 %s -o - | FileCheck %s +// RUN: %clang_cc1 -fsanitize=array-bounds -O -fsanitize-undefined-trap-on-error -emit-llvm -triple x86_64-apple-darwin10 -DNO_DYNAMIC %s -o - | FileCheck %s -// CHECK: @f +// CHECK-LABEL: @f double f(int b, int i) { double a[b]; - // CHECK: trap + // CHECK: call {{.*}} @llvm.trap return a[i]; } -// CHECK: @f2 +// CHECK-LABEL: @f2 void f2() { // everything is constant; no trap possible - // CHECK-NOT: trap + // CHECK-NOT: call {{.*}} @llvm.trap int a[2]; a[1] = 42; - + +#ifndef NO_DYNAMIC short *b = malloc(64); b[5] = *a + a[1] + 2; +#endif } -// CHECK: @f3 +// CHECK-LABEL: @f3 void f3() { int a[1]; - // CHECK: trap + // CHECK: call {{.*}} @llvm.trap a[2] = 1; } diff --git a/test/CodeGenCXX/catch-undef-behavior.cpp b/test/CodeGenCXX/catch-undef-behavior.cpp index 611bbcb931..338da57f0c 100644 --- a/test/CodeGenCXX/catch-undef-behavior.cpp +++ b/test/CodeGenCXX/catch-undef-behavior.cpp @@ -1,4 +1,4 @@ -// RUN: %clang_cc1 -std=c++11 -fsanitize=signed-integer-overflow,integer-divide-by-zero,float-divide-by-zero,shift,unreachable,return,vla-bound,alignment,null,vptr,object-size,float-cast-overflow,bool,enum,bounds,function -emit-llvm %s -o - -triple x86_64-linux-gnu | FileCheck %s +// RUN: %clang_cc1 -std=c++11 -fsanitize=signed-integer-overflow,integer-divide-by-zero,float-divide-by-zero,shift,unreachable,return,vla-bound,alignment,null,vptr,object-size,float-cast-overflow,bool,enum,array-bounds,function -emit-llvm %s -o - -triple x86_64-linux-gnu | FileCheck %s struct S { double d; diff --git a/test/Driver/bounds-checking.c b/test/Driver/bounds-checking.c index a4f97e820b..fdd20ca374 100644 --- a/test/Driver/bounds-checking.c +++ b/test/Driver/bounds-checking.c @@ -1,11 +1,11 @@ // RUN: %clang -fsanitize=bounds -### -fsyntax-only %s 2> %t // RUN: FileCheck -check-prefix=CHECK < %t %s -// CHECK: "-fsanitize=bounds" +// CHECK: "-fsanitize=array-bounds,local-bounds" // RUN: %clang -fbounds-checking -### -fsyntax-only %s 2> %t // RUN: FileCheck -check-prefix=CHECK-OLD < %t %s -// CHECK-OLD: "-fsanitize=bounds" +// CHECK-OLD: "-fsanitize=local-bounds" // RUN: %clang -fbounds-checking=3 -### -fsyntax-only %s 2> %t // RUN: FileCheck -check-prefix=CHECK-OLD2 < %t %s -// CHECK-OLD2: "-fsanitize=bounds" +// CHECK-OLD2: "-fsanitize=local-bounds" diff --git a/test/Driver/fsanitize.c b/test/Driver/fsanitize.c index cf347ceb04..6dbde978ac 100644 --- a/test/Driver/fsanitize.c +++ b/test/Driver/fsanitize.c @@ -1,17 +1,17 @@ // RUN: %clang -target x86_64-linux-gnu -fcatch-undefined-behavior %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-UNDEFINED-TRAP // RUN: %clang -target x86_64-linux-gnu -fsanitize=undefined-trap -fsanitize-undefined-trap-on-error %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-UNDEFINED-TRAP // RUN: %clang -target x86_64-linux-gnu -fsanitize-undefined-trap-on-error -fsanitize=undefined-trap %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-UNDEFINED-TRAP -// CHECK-UNDEFINED-TRAP: "-fsanitize={{((signed-integer-overflow|integer-divide-by-zero|float-divide-by-zero|shift|unreachable|return|vla-bound|alignment|null|object-size|float-cast-overflow|bounds|enum|bool),?){14}"}} +// CHECK-UNDEFINED-TRAP: "-fsanitize={{((signed-integer-overflow|integer-divide-by-zero|float-divide-by-zero|shift|unreachable|return|vla-bound|alignment|null|object-size|float-cast-overflow|array-bounds|enum|bool),?){14}"}} // CHECK-UNDEFINED-TRAP: "-fsanitize-undefined-trap-on-error" // RUN: %clang -target x86_64-linux-gnu -fsanitize=undefined %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-UNDEFINED -// CHECK-UNDEFINED: "-fsanitize={{((signed-integer-overflow|integer-divide-by-zero|float-divide-by-zero|function|shift|unreachable|return|vla-bound|alignment|null|vptr|object-size|float-cast-overflow|bounds|enum|bool),?){16}"}} +// CHECK-UNDEFINED: "-fsanitize={{((signed-integer-overflow|integer-divide-by-zero|float-divide-by-zero|function|shift|unreachable|return|vla-bound|alignment|null|vptr|object-size|float-cast-overflow|array-bounds|enum|bool),?){16}"}} // RUN: %clang -target x86_64-linux-gnu -fsanitize=integer %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-INTEGER // CHECK-INTEGER: "-fsanitize={{((signed-integer-overflow|unsigned-integer-overflow|integer-divide-by-zero|shift),?){4}"}} // RUN: %clang -target x86_64-linux-gnu -fsanitize=thread,undefined -fno-thread-sanitizer -fno-sanitize=float-cast-overflow,vptr,bool,enum %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-PARTIAL-UNDEFINED -// CHECK-PARTIAL-UNDEFINED: "-fsanitize={{((signed-integer-overflow|integer-divide-by-zero|float-divide-by-zero|function|shift|unreachable|return|vla-bound|alignment|null|object-size|bounds),?){12}"}} +// CHECK-PARTIAL-UNDEFINED: "-fsanitize={{((signed-integer-overflow|integer-divide-by-zero|float-divide-by-zero|function|shift|unreachable|return|vla-bound|alignment|null|object-size|array-bounds),?){12}"}} // RUN: %clang -target x86_64-linux-gnu -fsanitize=address-full %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-ASAN-FULL // CHECK-ASAN-FULL: "-fsanitize={{((address|init-order|use-after-return|use-after-scope),?){4}"}} @@ -101,7 +101,7 @@ // CHECK-DEPRECATED: argument '-fno-thread-sanitizer' is deprecated, use '-fno-sanitize=thread' instead // CHECK-DEPRECATED: argument '-faddress-sanitizer' is deprecated, use '-fsanitize=address' instead // CHECK-DEPRECATED: argument '-fno-address-sanitizer' is deprecated, use '-fno-sanitize=address' instead -// CHECK-DEPRECATED: argument '-fbounds-checking' is deprecated, use '-fsanitize=bounds' instead +// CHECK-DEPRECATED: argument '-fbounds-checking' is deprecated, use '-fsanitize=local-bounds' instead // RUN: %clang -target x86_64-linux-gnu -fsanitize=thread %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-TSAN-NO-PIE // CHECK-TSAN-NO-PIE: "-mrelocation-model" "pic" "-pic-level" "2" "-pie-level" "2"