Insert poisoned paddings between fields in C++ classes so that AddressSanitizer can find intra-object-overflow bugs
Summary:
The general approach is to add extra paddings after every field
in AST/RecordLayoutBuilder.cpp, then add code to CTORs/DTORs that poisons the paddings
(CodeGen/CGClass.cpp).
Everything is done under the flag -fsanitize-address-field-padding.
The blacklist file (-fsanitize-blacklist) allows the transformation to be skipped
for given classes or source files.
See also https://code.google.com/p/address-sanitizer/wiki/IntraObjectOverflow
Test Plan: run SPEC2006 and some of the Chromium tests with -fsanitize-address-field-padding
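To make the bug class concrete, here is an added C++ example (not code from the commit or from Clang) built around a constructed `Record` type whose fixed-size name buffer is laid out directly in front of a privilege flag. It shows the arithmetic of an intra-object overflow: a write that runs past the buffer reaches the flag while still ending inside the object, so the redzones ASan places around the allocation never see it, which is the gap the poisoned field padding closes. The bounds-checked setter is the code-level fix; the hypothetical unchecked variant it replaces (a `strcpy` into `name`) is what the padding would catch at runtime.

```cpp
#include <cstddef>
#include <cstring>
#include <string>

// Constructed for this example (not from the commit or from Clang): a
// fixed-size name buffer followed by a privilege flag. By default the two
// fields are laid out back to back.
struct Record {
  char name[8];
  int is_admin;
};

// Bytes between the end of `name` and the start of `is_admin`. With the
// default layout this is 0: nothing separates the buffer from the flag.
std::size_t gap_between_name_and_flag() {
  return offsetof(Record, is_admin) -
         (offsetof(Record, name) + sizeof(Record::name));
}

// For a write of `n` bytes starting at `name`, report whether it reaches
// `is_admin` and whether it still ends inside the object. A write that
// satisfies both is an intra-object overflow: the object-level redzones
// ASan places around allocations never see it, which is why the commit
// adds poisoned padding between the fields instead.
bool write_reaches_flag(std::size_t n) {
  return offsetof(Record, name) + n > offsetof(Record, is_admin);
}
bool write_stays_in_object(std::size_t n) {
  return offsetof(Record, name) + n <= sizeof(Record);
}

// Bounds-checked setter: refuses input that does not fit together with
// its terminator, so the neighbouring field can never be reached through
// `name`. This is the code-level fix; the sanitizer padding is what would
// have caught an unchecked version (e.g. strcpy into `name`) at runtime.
bool safe_set_name(Record& r, const std::string& s) {
  if (s.size() >= sizeof r.name) {
    return false;  // would spill into is_admin
  }
  std::memcpy(r.name, s.c_str(), s.size() + 1);
  return true;
}

int main() {
  Record r{};
  bool ok = safe_set_name(r, "administrator");  // 13 chars: rejected
  (void)ok;
  return 0;
}
```

The `offsetof` arithmetic is what makes the point: a 12-byte write into `name` is rejected by nothing in the default layout, because it never leaves `sizeof(Record)`.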
Hans Wennborg [Thu, 16 Oct 2014 20:52:46 +0000 (20:52 +0000)]
MS Compat: mark globals emitted in read-only sections const
They cannot be written to, so marking them const makes sense and may improve
optimisation.
As a side-effect, SectionInfos has to be moved from Sema to ASTContext.
It also fixes this problem, that occurs when compiling ATL:
warning LNK4254: section 'ATL' (C0000040) merged into '.rdata' (40000040) with different attributes
The ATL headers are putting variables in a special section that's marked
read-only. However, Clang currently can't model that read-onlyness in the IR.
But, by making the variables const, the section does become read-only, and
the linker warning is avoided.
David Blaikie [Thu, 16 Oct 2014 17:23:58 +0000 (17:23 +0000)]
Use iterators and algorithms to possibly make this code a bit tidier
(also, the code executed once the element was found was split half
inside the loop and half after it - now put it all together after the
find operation)
I'm a bit concerned that this code is rather untested (commenting out
this whole function and running check-clang doesn't fail any tests)...
Alexey Samsonov [Thu, 16 Oct 2014 17:10:38 +0000 (17:10 +0000)]
Remove one of SanitizerBlacklist::isIn() overloads. NFC.
The final goal is to get rid of all the remaining overloads that
accept LLVM objects (llvm::Function and llvm::GlobalVariable),
and pass in source-level entities instead.
David Blaikie [Thu, 16 Oct 2014 04:21:25 +0000 (04:21 +0000)]
PR21246: DebugInfo: Emit the appropriate type (cv qualifiers, reference-ness, etc) for non-type template parameters
Plumb through the full QualType of the TemplateArgument::Declaration, as
it's insufficient to only know whether the type is a reference or
pointer (that was necessary for mangling, but insufficient for debug
info). This shouldn't increase the size of TemplateArgument as
TemplateArgument::Integer is still longer by another 32 bits.
Several bits of code were testing that the reference-ness of the
parameters matched, but this seemed to be insufficient (various other
features of the type could've mismatched and wouldn't've been caught)
and unnecessary, at least insofar as removing those tests didn't cause
anything to fail.
(Richard - perhaps you can hypothesize why any of these checks might
need to test reference-ness of the parameters (& explain why
reference-ness is part of the mangling - I would've figured that for the
reference-ness to be different, a prior template argument would have to
be different). I'd be happy to add them in/beef them up and add test
cases if there's a reason for them)
Alexey Bataev [Thu, 16 Oct 2014 03:04:35 +0000 (03:04 +0000)]
Bugfix in template instantiation in CXXPseudoDestructorExpr.
Fix for clang crash when instantiating a template with qualified lookup for members in non-class types.
Differential Revision: http://reviews.llvm.org/D5769
David Blaikie [Thu, 16 Oct 2014 00:41:40 +0000 (00:41 +0000)]
DebugInfo: Cleanup testing of non-type template parameters.
Separate out the non-nullable parameters from the nullable ones
(currently only the template template parameter) and demonstrate that
cv-qualifiers aren't preserved for non-null parameters (but are
preserved for null parameters) by adding 'const' to an int* non-type
template parameter.
Hal Finkel [Wed, 15 Oct 2014 23:45:08 +0000 (23:45 +0000)]
Moving CGF::EmitAlignmentAssumption to IRBuilder
The functionality contained in CodeGenFunction::EmitAlignmentAssumption has
been moved to IRBuilder (so that it can also be used by LLVM-level code).
Remove this now-duplicate implementation in favor of the IRBuilder code.
Alexey Samsonov [Wed, 15 Oct 2014 22:17:27 +0000 (22:17 +0000)]
Move SanitizerBlacklist object from CodeGenModule to ASTContext.
Soon we'll need to have access to blacklist before the CodeGen
phase (see http://reviews.llvm.org/D5687), so parse and construct
the blacklist earlier.
Alexey Samsonov [Wed, 15 Oct 2014 22:00:40 +0000 (22:00 +0000)]
Avoid having "using namespace" for both "clang" and "llvm" namespaces.
This is fragile, as there are classes with the same name in both
namespaces (e.g. llvm::Module and clang::Module).
Sema: handle AttributedTypeLocs in C++14 auto deduction
When performing a type deduction from the return type, the FunctionDecl may be
attributed with a calling convention. In such a case, the retrieved type
location may be an AttributedTypeLoc. Performing a castAs<FunctionProtoTypeLoc>
on such a type loc would result in an assertion as they are not derived types.
Ensure that we correctly handle the attributed type location by looking through
it to the modified type loc.
Alexey Samsonov [Wed, 15 Oct 2014 20:22:54 +0000 (20:22 +0000)]
Move -fsanitize-blacklist to LangOpts from CodeGenOpts. NFC.
After http://reviews.llvm.org/D5687 is submitted, we will need
SanitizerBlacklist before the CodeGen phase, so make it a LangOpt
(as it will actually affect ABI / class layout).
Alexey Samsonov [Wed, 15 Oct 2014 19:57:45 +0000 (19:57 +0000)]
Move SanitizerBlacklist to clangBasic. NFC.
This change moves SanitizerBlacklist.h from lib/CodeGen
to public Clang headers in include/clang/Basic. SanitizerBlacklist
is currently only used in CodeGen to decide which functions/modules
should be instrumented, but this will soon change as ASan will
optionally modify class layouts during AST construction
(http://reviews.llvm.org/D5687). We need blacklist machinery
to be available at this point.
Kaelyn Takata [Wed, 15 Oct 2014 17:46:18 +0000 (17:46 +0000)]
Drop unnecessary default case from switch introduced in r219809
This silences:
../tools/clang/tools/libclang/CIndex.cpp:6451:3: warning: default label
in switch which covers all enumeration values [-Wcovered-switch-default]
Anton Yartsev [Wed, 15 Oct 2014 17:13:02 +0000 (17:13 +0000)]
[analyzer] Perl scripts are run differently from makefiles. Sometimes additional utilities are involved, e.g. the 'env' utility that is present in MSYS but is missing in MinGW. The patch unifies the launch of "c++-analyzer" and "ccc-analyzer".
Reid Kleckner [Wed, 15 Oct 2014 17:08:33 +0000 (17:08 +0000)]
Fix late template parsing leak with incremental processing
Add a second late template parser callback meant to cleanup any
resources allocated by late template parsing. Call it from the
Sema::ActOnEndOfTranslationUnit method after all pending template
instantiations have been completed. Teach Parser::ParseTopLevelDecl to
install the cleanup callback when incremental processing is enabled so
that Parser::TemplateIds can be freed.
Reid Kleckner [Wed, 15 Oct 2014 16:38:00 +0000 (16:38 +0000)]
Don't use a global_ctors comdat for globals that aren't externally visible
In particular, if you have two identical templates in different TUs in
anonymous namespaces, we would use the same global_ctors comdat key for
both. As a result, only one would be run.
Dario Domizioli [Wed, 15 Oct 2014 16:18:20 +0000 (16:18 +0000)]
Fix for PR21254 - Assertion in comment parser
The size of the ID field in CommandInfo was narrow, leading to potential
wrap-around of command IDs, causing misinterpretation later on.
The patch does the following:
- It extends the ID bitfield from 8 to 20 bits.
- It provides a DRY definition of the number of bits for the field to
avoid using literal numbers in different files.
- It introduces a new assertion that checks for the wrap-around.
- It adds the testcase from PR21254.
Samuel Benzaquen [Wed, 15 Oct 2014 14:58:46 +0000 (14:58 +0000)]
Speed up hasName() matcher.
Summary:
Speed up hasName() matcher by skipping the expensive generation of the
fully qualified name unless we need it.
In the common case of matching an unqualified name, we don't need to
generate the full name. We might not even need to copy any string at
all.
This change speeds up our clang-tidy benchmark by ~10%
David Majnemer [Wed, 15 Oct 2014 07:57:41 +0000 (07:57 +0000)]
CodeGen: Use the initing member's type for a union's storage type more often
Unions are initialized with the default initialization of their first
named member. If that member is not zero initialized, then we should
prefer that member's type. Otherwise, we might try to make an otherwise
unsuitable type (like an array) which we cannot easily initialize with a
pointer to member.
Justin Bogner [Wed, 15 Oct 2014 00:33:06 +0000 (00:33 +0000)]
Frontend: Don't accept null DiagnosticsEngines when building ASTUnits
The various ways to create an ASTUnit all take a refcounted pointer to
a diagnostics engine as an argument, and if it isn't pointing at
anything they initialize it. This is a pretty confusing API, and it
really makes more sense for the caller to initialize the thing since
they control the lifetime anyway.
This fixes the one caller that didn't bother initializing the pointer
and asserts that the argument is initialized.
David Blaikie [Tue, 14 Oct 2014 22:22:17 +0000 (22:22 +0000)]
DebugInfo: Lazily built static member variable declarations should use the canonical declaration for line/file information.
When lazily constructing static member variable declarations (when
the vtable optimization fires and the definition of the type is omitted
(or built later, lazily), but the out of line definition of the static
member is provided and must be described in debug info) ensure we use
the canonical declaration when computing the file, line, etc for that
declaration (rather than the definition, which is also a declaration,
but not the canonical one).
Tim Northover [Tue, 14 Oct 2014 22:12:21 +0000 (22:12 +0000)]
ARM: remove ARM/Thumb distinction for preferred alignment.
Thumb1 has legitimate reasons for preferring 32-bit alignment of types
i1/i8/i16, since the 16-bit encoding of "add rD, sp, #imm" requires #imm to be
a multiple of 4. However, this is a trade-off between code size and RAM usage;
the DataLayout string is not the best place to represent it even if desired.
So this patch removes the extra Thumb requirements, hopefully making ARM and
Thumb completely compatible in this respect.
Kaelyn Takata [Tue, 14 Oct 2014 21:57:21 +0000 (21:57 +0000)]
Be smarter when parsing variable declarations with unknown types.
Specifically, avoid typo-correcting the variable name into a type before
typo-correcting the actual type name in the declaration. Doing so
results in a very unpleasant cascade of errors, with the typo correction
of the actual type name being buried in the middle.
Tim Northover [Tue, 14 Oct 2014 20:57:29 +0000 (20:57 +0000)]
ARM: set preferred aggregate alignment to 32 universally.
Before, ARM and Thumb mode code had different preferred alignments, which could
lead to some rather unexpected results. There's justification for reducing it
from the default 64-bits (wasted space), but I don't think there is for going
below 32-bits.
There's no actual ABI change here, just to reassure people.
Reid Kleckner [Tue, 14 Oct 2014 20:28:40 +0000 (20:28 +0000)]
Factor code into CXXRecordDecl::getTemplateInstantiationPattern() helper
This moves some code from SemaType.cpp's hasVisibleDefinition() into
DeclCXX.cpp so that it can be used elsewhere. I found one other instance
of code trying to do the same thing, there are probably more. Search for
getInstantiatedFrom() to try to find more.
Mangling for blocks defined within blocks in an ObjectiveC context was also
broken by SVN r219393. Because the code in mangleName assumed that the code was
either C or C++, we would trigger assertions when trying to mangle the inner
blocks in an ObjectiveC context.
Add a test and use the ObjectiveC specific mangling when dealing with an
ObjectiveC method declaration.
This addresses a regression introduced with SVN r219393. A block may be
contained within another block. In such a scenario, we would end up within a
BlockDecl, which is not a NamedDecl (as the names are synthesised). The cast to
a NamedDecl of the DeclContext would then assert as the types are unrelated.
Restore the mangling behaviour to that prior to SVN r219393. If the current
block is contained within a BlockDecl, walk up to the parent DeclContext,
recursively, until we have a non-BlockDecl. This is expected to be a NamedDecl.
Add in a couple of asserts to ensure that the assumption that we only encounter
a block within a NamedDecl or a BlockDecl holds.
David Blaikie [Tue, 14 Oct 2014 16:43:46 +0000 (16:43 +0000)]
DebugInfo: Don't leak location information from one function into the prologue of the next function.
CodeGenFunction objects aren't really designed to be reused for more
than one function, and doing so can leak debug info location information
from one function into the prologue of the next.
Add an assertion in to catch reuses of CodeGenFunction, which
surprisingly only caught the ObjC atomic getter/setter cases. Fix those
and add a test to demonstrate the issue.
The test is a bit slim, because we're just testing for the absence of a
debug location on the prologue instructions, which by itself probably
wouldn't be the end of the world - but the particular debug location
that was ending up there was for the previous function's last
instruction. This produced debug info for another function within this
function, which is something I'm trying to remove all cases of as it's a
substantial source of bugs, especially around inlining (see r219215).
Justin Bogner [Tue, 14 Oct 2014 00:40:55 +0000 (00:40 +0000)]
Frontend: Extract SerializedDiagnosticReader out of CXLoadedDiagnostic (NFC)
We currently read serialized diagnostics directly in the C API, which
makes it difficult to reuse this logic elsewhere. This extracts the
core of the serialized diagnostic parsing logic into a base class that
can be subclassed using a visitor pattern.
Alexey Samsonov [Mon, 13 Oct 2014 23:59:00 +0000 (23:59 +0000)]
Sanitize upcasts and conversion to virtual base.
This change adds UBSan check to upcasts. Namely, when we
perform derived-to-base conversion, we:
1) check that the pointer-to-derived has suitable alignment
and underlying storage, if this pointer is non-null.
2) if vptr-sanitizer is enabled, and we perform conversion to
virtual base, we check that pointer-to-derived has a matching vptr.
Objective-C [Sema]. Fixes a bug in comparing qualified
Objective-C pointer types. In this case, checker incorrectly
claims incompatible pointer types if redundant protocol conformance
is specified. rdar://18491222
Samuel Benzaquen [Mon, 13 Oct 2014 18:17:11 +0000 (18:17 +0000)]
Fix order of evaluation bug in DynTypedMatcher::constructVariadic().
If it evaluates right-to-left, the vector gets moved before we read the
kind from it.
Samuel Benzaquen [Mon, 13 Oct 2014 17:38:12 +0000 (17:38 +0000)]
Fix bug in DynTypedMatcher::constructVariadic() that would cause false negatives.
Summary:
Change r219118 fixed the bug for anyOf and eachOf, but it is still
present for unless.
The variadic wrapper doesn't have enough information to know how to
restrict the type. Different operators handle restrict failures in
different ways.
Bradley Smith [Mon, 13 Oct 2014 10:16:06 +0000 (10:16 +0000)]
[AArch64] Add workaround for Cortex-A53 erratum (835769)
Some early revisions of the Cortex-A53 have an erratum (835769) whereby it is
possible for a 64-bit multiply-accumulate instruction in AArch64 state to
generate an incorrect result. The details are quite complex and hard to
determine statically, since branches in the code may exist in some
circumstances, but all cases end with a memory (load, store, or prefetch)
instruction followed immediately by the multiply-accumulate operation.
The safest work-around for this issue is to make the compiler avoid emitting
multiply-accumulate instructions immediately after memory instructions and the
simplest way to do this is to insert a NOP.
This patch implements clang options to enable this workaround in the backend.
The work-around code generation is not enabled by default.
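As an added illustration (not code from the commit or from Clang, which applies the workaround in the backend rather than on text), the following C++ scanner performs the same check over a textual AArch64 listing: wherever a memory instruction is immediately followed by a 64-bit multiply-accumulate, it inserts a `nop`. The mnemonic sets are an illustrative subset assumed for the example, and the listing it processes is constructed, not real compiler output.

```cpp
#include <cctype>
#include <cstddef>
#include <set>
#include <sstream>
#include <string>
#include <vector>

// Lower-cases a token in place.
static void lower(std::string& s) {
  for (char& c : s) c = static_cast<char>(std::tolower(static_cast<unsigned char>(c)));
}

// First token of a listing line, or "" for blank lines, labels, comments
// and assembler directives (none of which emit an instruction).
static std::string mnemonic(const std::string& line) {
  std::istringstream in(line);
  std::string tok;
  if (!(in >> tok)) return "";
  if (tok[0] == '.' || tok[0] == '/' || tok[0] == ';' || tok.back() == ':') return "";
  lower(tok);
  return tok;
}

// Memory instructions (load, store, prefetch): an illustrative subset
// assumed for this example, not the backend's full table.
static bool is_memory_op(const std::string& line) {
  static const std::set<std::string> mem = {"ldr",  "ldp",  "str",  "stp",  "ldrb", "ldrh",
                                            "strb", "strh", "ldur", "stur", "prfm"};
  return mem.count(mnemonic(line)) != 0;
}

// 64-bit multiply-accumulate: madd/msub writing an X register, or the
// widening forms, whose destination is always 64-bit.
static bool is_64bit_mac(const std::string& line) {
  std::istringstream in(line);
  std::string m, dest;
  if (!(in >> m)) return false;
  lower(m);
  if (m == "smaddl" || m == "smsubl" || m == "umaddl" || m == "umsubl") return true;
  if (m != "madd" && m != "msub") return false;
  if (!(in >> dest)) return false;
  return dest[0] == 'x' || dest[0] == 'X';
}

// Returns a copy of the listing with "nop" inserted wherever a memory op is
// immediately followed (in instruction order) by a 64-bit multiply-accumulate.
std::vector<std::string> apply_workaround(const std::vector<std::string>& lines) {
  std::vector<std::string> out;
  bool prev_was_memory = false;
  for (const std::string& line : lines) {
    if (mnemonic(line).empty()) {  // non-instruction line: does not break adjacency
      out.push_back(line);
      continue;
    }
    if (prev_was_memory && is_64bit_mac(line)) out.push_back("\tnop");
    out.push_back(line);
    prev_was_memory = is_memory_op(line);
  }
  return out;
}

// Number of hazardous pairs the workaround has to separate.
std::size_t count_hazards(const std::vector<std::string>& lines) {
  return apply_workaround(lines).size() - lines.size();
}

// Constructed sample listing (not real compiler output).
std::vector<std::string> sample_listing() {
  return {
      "fn:",
      "\tldr x1, [x0]",
      "\tmadd x2, x3, x4, x5",      // hazard: load then 64-bit madd
      "\tstr x2, [x0, #8]",
      "\tadd x6, x6, #1",
      "\tmadd x7, x3, x4, x5",      // safe: an add sits in between
      "\tldr w8, [x0, #16]",
      "\tmadd w9, w8, w8, w9",      // safe: 32-bit form
      "\tstp x1, x2, [sp, #-16]!",
      "\tsmaddl x10, w8, w9, x10",  // hazard: store then widening madd
      "\tret",
  };
}
```

Running `apply_workaround(sample_listing())` yields two inserted `nop`s, and a second pass over the result finds nothing left to patch, which is the property the backend's version also has to guarantee.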
Alexey Bataev [Mon, 13 Oct 2014 08:23:51 +0000 (08:23 +0000)]
[OPENMP] Codegen for 'num_threads' clause in 'parallel' directive.
This patch generates a call to the "kmpc_push_num_threads(ident_t *loc, kmp_int32 global_tid, kmp_int32 num_threads);" library function before calling "kmpc_fork_call" each time there is an associated "num_threads" clause in the "omp parallel" directive.
Differential Revision: http://reviews.llvm.org/D5145
Alexey Bataev [Mon, 13 Oct 2014 06:02:40 +0000 (06:02 +0000)]
[OPENMP] Codegen for 'if' clause in 'parallel' directive.
Adds codegen for 'if' clause. Currently only for 'if' clause used with the 'parallel' directive.
If the condition evaluates to true, the code executes the parallel version of the code by calling __kmpc_fork_call(loc, 1, microtask, captured_struct/*context*/), where loc - debug location, 1 - number of additional parameters after the "microtask" argument, microtask - the outlined function for the code associated with the 'parallel' directive, captured_struct - list of variables captured in this outlined function.
If condition evaluates to false, the code executes serial version of the code by executing the following code:
Where loc - debug location, global_thread_id - global thread id, returned by the __kmpc_global_thread_num() call or passed as the first parameter in the microtask() call, global_thread_id.addr - address of the variable where the global_thread_id value is stored, zero.addr - implicit bound thread id (should be set to 0 for a serial call), microtask() and captured_struct are the same as in the parallel call.
Also this patch checks if the condition is constant and if it is constant it evaluates its value and then generates either parallel version of the code (if the condition evaluates to true), or the serial version of the code (if the condition evaluates to false).
Differential Revision: http://reviews.llvm.org/D4716
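The two OpenMP commits above describe the code Clang emits for the 'num_threads' and 'if' clauses; the following added C++ example (not from the commits or from the OpenMP runtime) shows the observable effect of those clauses from the source side. With `if(false)` the region takes the serial path and exactly one thread runs the body; with `if(true)` the runtime is asked, via the push-num-threads call the commit describes, for at most `requested` threads. Built without -fopenmp the pragma is compiled out and the body runs once.

```cpp
#include <atomic>
#ifdef _OPENMP
#include <omp.h>
#endif

// Executes a parallel region under the two clauses and returns how many
// threads ran the region body.
// - if(go_parallel): false takes the serial path, so exactly one thread runs it.
// - num_threads(requested): upper bound on the team size when the parallel
//   path is taken (the runtime may provide fewer, never more).
int threads_in_region(bool go_parallel, int requested) {
  std::atomic<int> seen{0};
#ifdef _OPENMP
#pragma omp parallel if(go_parallel) num_threads(requested)
#else
  (void)go_parallel;  // without -fopenmp there is no team to size
  (void)requested;
#endif
  {
    seen.fetch_add(1);  // every thread in the team passes through here once
  }
  return seen.load();
}

int main() {
  int serial = threads_in_region(false, 4);   // always 1
  int parallel = threads_in_region(true, 4);  // 1..4 depending on the runtime
  (void)serial;
  (void)parallel;
  return 0;
}
```

The assertion worth keeping in mind is the asymmetry: a false 'if' clause pins the count to one regardless of 'num_threads', while a true one only bounds it from above.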
Tyler Nowicki [Sun, 12 Oct 2014 20:46:07 +0000 (20:46 +0000)]
Allow constant expressions in pragma loop hints.
Previously loop hints such as #pragma loop vectorize_width(#) required a constant. This patch allows a constant expression to be used as well, such as a non-type template parameter or an expression like (2 * c + 1).