Protection against stack-based memory corruption errors using SafeStack: Clang command line option and function attribute
This patch adds the -fsanitize=safe-stack command line argument for clang,
which enables the Safe Stack protection (see http://reviews.llvm.org/D6094
for the detailed description of the Safe Stack).
This patch is our implementation of the safe stack on top of Clang. The
patches make the following changes:
- Add -fsanitize=safe-stack and -fno-sanitize=safe-stack options to clang
to control safe stack usage (the safe stack is disabled by default).
- Add __attribute__((no_sanitize("safe-stack"))) attribute to clang that can be
used to disable the safe stack for individual functions even when enabled
globally.
Original patch by Volodymyr Kuznetsov and others at the Dependable Systems
Lab at EPFL; updates and upstreaming by myself.
Switch to using BalancedDelimiterTracker to get better diagnostics for
unbalanced delimiters. This still does not handle any of the attributes, simply
improves the parsing.
Luke Cheeseman [Mon, 15 Jun 2015 17:51:01 +0000 (17:51 +0000)]
This patch implements clang support for the ACLE special register intrinsics
in section 10.1, __arm_{w,r}sr{,p,64}.
This includes arm_acle.h definitions with builtins and codegen to support
these, the intrinsics are implemented by generating read/write_register calls
which get appropriately lowered in the backend based on the register string
provided. SemaChecking is also implemented to fault invalid parameters.
Daniel Sanders [Mon, 15 Jun 2015 09:19:41 +0000 (09:19 +0000)]
Replace string GNU Triples with llvm::Triple in InitMCObjectFileInfo. NFC.
Summary:
This affects other tools so the previous C++ API has been retained as a
deprecated function for the moment. Clang has been updated with a trivial
patch (not covered by the pre-commit review) to avoid breaking -Werror builds.
Other in-tree tools will be fixed with similar trivial patches.
This continues the patch series to eliminate StringRef forms of GNU triples
from the internals of LLVM that began in r239036.
Devin Coughlin [Mon, 15 Jun 2015 01:00:42 +0000 (01:00 +0000)]
[analyzer] Remove ObjCContainersChecker size information when a CFMutableArrayRef escapes
Update ObjCContainersChecker to be notified when pointers escape so it can
remove size information for escaping CFMutableArrayRefs. When such pointers
escape, un-analyzed code could mutate the array and cause the size information
to be incorrect.
Ed Schouten [Sat, 13 Jun 2015 21:33:49 +0000 (21:33 +0000)]
Add some basic support for CloudABI on i686.
Some people want to experiment with building i686 CloudABI binaries. I
am not entirely sure this is a good idea, as I'd rather see Intel x32
support appear.
As it only requires a two-line change, let's at least provide compiler
to ease experimenting.
Rafael Espindola [Sat, 13 Jun 2015 17:23:13 +0000 (17:23 +0000)]
Don't use std::errc.
As noted on Errc.h:
// * std::errc is just marked with is_error_condition_enum. This means that
// common patters like AnErrorCode == errc::no_such_file_or_directory take
// 4 virtual calls instead of two comparisons.
And on some libstdc++ those virtual functions conclude that
Eric Fiselier [Sat, 13 Jun 2015 07:11:40 +0000 (07:11 +0000)]
Add `-verify-ignore-unexpected` option to ignore unexpected diagnostics in VerifyDiagnosticsConsumer
Summary:
The goal of this patch is to make `-verify` easier to use when testing libc++. The `notes` attached to compile error diagnostics are numerous and relatively unstable when they reference libc++ header internals. This patch allows libc++ to write stable compilation failure tests by allowing unexpected diagnostic messages to be ignored where they are not relevant.
This patch adds a new CC1 flag called `-verify-ignore-unexpected`. `-verify-ignore-unexpected` tells `VerifyDiagnosticsConsumer` to ignore *all* unexpected diagnostic messages. `-verify-ignore-unexpected=<LevelList>` can be used to only ignore certain diagnostic levels. `<LevelList>` is a comma separated list of diagnostic levels to ignore. The supported levels are `note`, `remark`, `warning` and `error`.
Ahmed Bougacha [Sat, 13 Jun 2015 01:16:10 +0000 (01:16 +0000)]
[CodeGen] Don't evaluate immediate inlineasm arguments using isICE().
Instead, just EvaluateAsInt().
Follow-up to r239549: rsmith points out that isICE() is expensive;
seems like it's not the right concept anyway, as it fails on
`static const' in C, and will actually trigger the assert below on:
test/Sema/inline-asm-validate-x86.c
Alexey Samsonov [Fri, 12 Jun 2015 22:31:32 +0000 (22:31 +0000)]
[CodeGen] Use IRBuilder to create llvm.lifetime intrinsics.
Summary:
In addition to easier syntax, IRBuilder makes sure to set correct
debug locations for newly added instructions (bitcast and
llvm.lifetime itself). This restores the original behavior, which
was modified by r234581 (reapplied as r235553).
Extend one of the tests to check for debug locations.
Hans Wennborg [Fri, 12 Jun 2015 21:23:23 +0000 (21:23 +0000)]
[ms] Don't try to delay lookup for failures in SFINAE context (PR23823)
The underlying problem in PR23823 already existed before my recent change
in r239558, but that change made it worse (failing not only for undeclared
symbols, but also failed overload resolution). This makes Clang not try to
delay the lookup in SFINAE context. I assume no current code is relying on
SFINAE working with lookups that need to be delayed, because that never
seems to have worked.
Alexey Samsonov [Fri, 12 Jun 2015 21:05:32 +0000 (21:05 +0000)]
[CGCall] Fix potential invalid iterator decrement in findDominatingStoreToReturnValue.
If llvm.lifetime.end turns out to be the first instruction in the last
basic block, we can decrement the iterator twice, going past rend.
At the moment, this can never happen because llvm.lifetime.end always
goes immediately after bitcast, but relying on this is very brittle.
Tim Northover [Fri, 12 Jun 2015 19:21:35 +0000 (19:21 +0000)]
Driver: only set -mlinker-version based on host if it's valid
We were adding an extra "-mlinker-version" argument to the invocation
based on a value inferred from "ld -v". This is set by the build
systems to either a sane value or an empty string (e.g. for custom
built ld), which we don't want to pass on.
No test really possible because the value depends on both host system
and how CMake was invoked.
Gabor Ballabas [Fri, 12 Jun 2015 17:33:37 +0000 (17:33 +0000)]
Allow case-insensitive values for -mcpu for AArch64 target in line with GCC.
GCC allows case-insensitive values for -mcpu, -march and -mtune options.
This patch implements the same behaviour for the -mcpu option for the AArch64 target.
Greg Bedwell [Fri, 12 Jun 2015 16:33:38 +0000 (16:33 +0000)]
Use Clang version numbers for the Windows VERSIONINFO resource.
When setting the VERSIONINFO resource to embed version information into exe and
DLL files on Windows, override the default LLVM version number values with their
clang equivalents.
Sylvestre Ledru [Fri, 12 Jun 2015 15:50:27 +0000 (15:50 +0000)]
scan-build: Remove useless whitespace in File path
Patch by Honggyu Kim
Summary:
This patch removes useless whitespace in File path in index.html
Previously, a File directory path is copied and pasted as below:
arch /arm /kernel /stacktrace.c
It just removes the whitespace between directories and makes the
copied string as below:
arch/arm/kernel/stacktrace.c
The output looks same in html format, but the copied directory path
can be pasted as it looks.
Daniel Jasper [Fri, 12 Jun 2015 04:52:02 +0000 (04:52 +0000)]
clang-format: [JS] fix incorrectly collapsed lines after export
statement.
When an exported function would follow a class declaration, it would not
be recognized as a stand-alone function. That would then collapse the
following line with the current one, e.g.
Eric Christopher [Fri, 12 Jun 2015 01:36:05 +0000 (01:36 +0000)]
Add a warning for unsupported elements of the target attribute.
Since we're ignoring the tune= and fpmath= attributes go ahead
and add a warning alerting people to the fact that we're going
to ignore that part of it during code generation and tie it to
the attribute warning set.
Eric Christopher [Fri, 12 Jun 2015 01:36:00 +0000 (01:36 +0000)]
Handle fpmath= in the target attribute.
Right now we're ignoring the fpmath attribute since there's no
backend support for a feature like this and to do so would require
checking the validity of the strings and doing general subtarget
feature parsing of valid and invalid features with the target
attribute feature.
Eric Christopher [Fri, 12 Jun 2015 01:35:52 +0000 (01:35 +0000)]
Add support for the the target attribute.
Modeled after the gcc attribute of the same name, this feature
allows source level annotations to correspond to backend code
generation. In llvm particular parlance, this allows the adding
of subtarget features and changing the cpu for a particular function
based on source level hints.
This has been added into the existing support for function level
attributes without particular verification for any target outside
of whether or not the backend will support the features/cpu given
(similar to section, etc).
Tyler Nowicki [Thu, 11 Jun 2015 23:23:17 +0000 (23:23 +0000)]
Add assume_safety option for pragma loop vectorize and interleave.
Specifying #pragma clang loop vectorize(assume_safety) on a loop adds the
mem.parallel_loop_access metadata to each load/store operation in the loop. This
metadata tells loop access analysis (LAA) to skip memory dependency checking.
Hans Wennborg [Thu, 11 Jun 2015 21:21:57 +0000 (21:21 +0000)]
[ms] Do lookup in dependent base classes also when overload resolution fails (PR23810)
This patch does two things in order to enable compilation of the problematic code in PR23810:
1. In Sema::buildOverloadedCallSet, it postpones lookup for MS mode when no
viable candidate is found in the overload set. Previously, lookup would only
be postponed here if the overload set was empty.
2. Make BuildRecoveryCallExpr call Sema::DiagnoseEmptyLookup under more circumstances.
There is a comment in DiagnoseTwoPhaseLookup that says "Don't diagnose names we find in
classes; we get much better diagnostics for these from DiagnoseEmptyLookup." The problem
was that DiagnoseEmptyLookup might not get called later, and we failed to recover.
Ahmed Bougacha [Thu, 11 Jun 2015 18:19:34 +0000 (18:19 +0000)]
[CodeGen] Emit Constants for immediate inlineasm arguments.
For inline assembly immediate constraints, we currently always use
EmitScalarExpr, instead of directly emitting the constant. When the
overflow sanitizer is enabled, this generates overflow intrinsics
instead of constants.
Instead, emit a constant for constraints that either require an
immediate (e.g. 'I' on X86), or only accepts constants (immediate
or symbolic; i.e., don't accept registers or memory).
Sanjay Patel [Thu, 11 Jun 2015 14:53:41 +0000 (14:53 +0000)]
add the -mrecip driver flag and process its options (3rd try)
The 1st and 2nd tries to land this (r238055, r238851) were reverted due to
bot failures caused by the LLVM part of the patch. That was hopefully fixed
after r239001.
This is the front-end counterpart to D8982.
The -mrecip option interface is based on maintaining compatibility with gcc:
https://gcc.gnu.org/onlinedocs/gcc-4.9.2/gcc/i386-and-x86-64-Options.html#index-mrecip_003dopt-1627
https://gcc.gnu.org/onlinedocs/gcc-4.9.2/gcc/RS_002f6000-and-PowerPC-Options.html#index-mrecip-2289
...while adding more functionality (allowing users to specify the number of refinement steps for each
estimate type).
Daniel Jasper [Thu, 11 Jun 2015 13:31:45 +0000 (13:31 +0000)]
clang-format: Make SFS_Inline imply SFS_Empty.
In the long run, these two might be independent or we might to only
allow specific combinations. Until we have a corresponding request,
however, it is hard to do the right thing and choose the right
configuration options. Thus, just don't touch the options yet and
just modify the behavior slightly.
Richard Smith [Wed, 10 Jun 2015 20:30:23 +0000 (20:30 +0000)]
[modules] Track all default template arguments for a given parameter across
modules, and allow use of a default template argument if any of the parameters
providing it is visible.
Serge Pavlov [Wed, 10 Jun 2015 19:06:59 +0000 (19:06 +0000)]
Do not parse members of incomplete class.
If definition of a class is unknown and out-of-line definition of its
member is encountered, do not parse the member declaration.
This change fixes PR18542.
Teresa Johnson [Wed, 10 Jun 2015 17:49:45 +0000 (17:49 +0000)]
Pass down the -flto option to the -cc1 job, and from there into the
CodeGenOptions and onto the PassManagerBuilder. This enables gating
the new EliminateAvailableExternally module pass on whether we are
preparing for LTO.
If we are preparing for LTO (e.g. a -flto -c compile), the new pass is not
included as we want to preserve available externally functions for possible
link time inlining.
Alexander Musman [Wed, 10 Jun 2015 11:20:26 +0000 (11:20 +0000)]
PR5172: Fix for a bug in pragma redefine_extname implementation:
it doesn't work correctly when a structure is declared before pragma
and then a function with the same name declared after pragma.
Richard Smith [Wed, 10 Jun 2015 01:47:58 +0000 (01:47 +0000)]
[modules] Reconstruct template default argument inheritance on reload rather
than wasting storage and triggering eager deserializations by serializing it.
Based on previous discussion on the mailing list, clang currently lacks support
for C99 partial re-initialization behavior:
Reference: http://lists.cs.uiuc.edu/pipermail/cfe-dev/2013-April/029188.html
Reference: http://www.open-std.org/jtc1/sc22/wg14/www/docs/dr_253.htm
struct LP1 l = { .p1 = { "foo" }, .p1.x[2] = 'x' };
// this example is adapted from the example for "struct fred x[]" in DR-253;
// currently clang produces in l: { "\0\0x" },
// whereas gcc 4.8 produces { "fox" };
// with this fix, clang will also produce: { "fox" };
projects / clang / log