vsk created this revision.
vsk added reviewers: rsmith, samsonov.
vsk added a subscriber: cfe-commits.
Ubsan does not emit bounds checks for flexible array members, e.g.:
struct Foo { char arr[0]; };
char bar(struct Foo *F) { return F->arr[1]; }
Teach ubsan to skip the bounds check for flexible array ivars as well.
This reduces the false-positive rate when instrumenting Objective-C frameworks.
Ubsan tests are typically added to compiler-rt. I chose to create a test in
clang instead because I didn't want to introduce a libobjc dependency. The test
works by checking for the "nosanitize" attribute: hopefully this is less
brittle than checking for the name of the relevant runtime handler.
http://reviews.llvm.org/D22227
Files:
lib/CodeGen/CGExpr.cpp
test/CodeGenObjC/ubsan.m
Index: test/CodeGenObjC/ubsan.m
===================================================================
--- /dev/null
+++ test/CodeGenObjC/ubsan.m
@@ -0,0 +1,14 @@
+// RUN: %clang_cc1 -x objective-c -emit-llvm -triple x86_64-apple-macosx10.10.0 -Wno-objc-root-class -fsanitize=array-bounds %s -o - | FileCheck %s
+
+@interface HasFlexibleArray {
+ @public char chars[0];
+}
+@end
+@implementation HasFlexibleArray @end
+
+// CHECK-LABEL: do_not_instrument_flexible_array_members
+char do_not_instrument_flexible_array_members(HasFlexibleArray *HFA) {
+// CHECK-NOT: !nosanitize
+ return HFA->chars[1];
+// CHECK: }
+}
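Review bot: There is no positive case next to `do_not_instrument_flexible_array_members`: nothing shows that `-fsanitize=array-bounds` still instruments an array ivar that is not the last one, so a change that suppresses the check too broadly would still pass this test. A second interface such as `@interface HasFixedArray { @public char chars[4]; int tail; } @end`, with an accessor whose body is followed by `// CHECK: !nosanitize`, would pin the boundary between the two cases. This assumes the instrumented path carries `!nosanitize` metadata, as the description implies. The same test hunk is repeated further down the page.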
Index: lib/CodeGen/CGExpr.cpp
===================================================================
--- lib/CodeGen/CGExpr.cpp
+++ lib/CodeGen/CGExpr.cpp
@@ -708,6 +708,8 @@
DeclContext::decl_iterator(const_cast<FieldDecl *>(FD)));
return ++FI == FD->getParent()->field_end();
}
+ } else if (const auto *IRE = dyn_cast<ObjCIvarRefExpr>(E)) {
+ return IRE->getDecl()->getNextIvar() == nullptr;
}
return false;
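Review bot: `getNextIvar() == nullptr` in the new `ObjCIvarRefExpr` branch shows only that no further ivar follows in the list this declaration belongs to. Whether that list accounts for ivars contributed by a subclass is not visible here; if it does not, an out-of-range index on a trailing array in a base class would reach subclass storage with the array-bounds check suppressed. If that trade-off is intended, a comment above the branch would record it, e.g. `// Treat a trailing array ivar as a flexible array member; ivars added by subclasses are not considered.` The enclosing function starts before the hunk, so any earlier restriction on the array's size cannot be confirmed from these lines. The same hunk appears again lower on the page.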
Index: test/CodeGenObjC/ubsan.m
===================================================================
--- /dev/null
+++ test/CodeGenObjC/ubsan.m
@@ -0,0 +1,14 @@
+// RUN: %clang_cc1 -x objective-c -emit-llvm -triple x86_64-apple-macosx10.10.0 -Wno-objc-root-class -fsanitize=array-bounds %s -o - | FileCheck %s
+
+@interface HasFlexibleArray {
+ @public char chars[0];
+}
+@end
+@implementation HasFlexibleArray @end
+
+// CHECK-LABEL: do_not_instrument_flexible_array_members
+char do_not_instrument_flexible_array_members(HasFlexibleArray *HFA) {
+// CHECK-NOT: !nosanitize
+ return HFA->chars[1];
+// CHECK: }
+}
Index: lib/CodeGen/CGExpr.cpp
===================================================================
--- lib/CodeGen/CGExpr.cpp
+++ lib/CodeGen/CGExpr.cpp
@@ -708,6 +708,8 @@
DeclContext::decl_iterator(const_cast<FieldDecl *>(FD)));
return ++FI == FD->getParent()->field_end();
}
+ } else if (const auto *IRE = dyn_cast<ObjCIvarRefExpr>(E)) {
+ return IRE->getDecl()->getNextIvar() == nullptr;
}
return false;