This is crashing ubsan bootstrap: http://lab.llvm.org:8011/builders/sanitizer-x86_64-linux-bootstrap/builds/962/steps/build%20clang%2Fubsan/logs/stdio
clang-5.0: /mnt/b/sanitizer-buildbot2/sanitizer-x86_64-linux-bootstrap/build/llvm/include/llvm/IR/Instructions.h:1110: void llvm::ICmpInst::AssertOK(): Assertion `getOperand(0)->getType() == getOperand(1)->getType() && "Both operands to ICmp instruction are not of the same type!"' failed. #0 0x0000000001f571ba llvm::sys::PrintStackTrace(llvm::raw_ostream&) (/mnt/b/sanitizer-buildbot2/sanitizer-x86_64-linux-bootstrap/build/llvm_build0/bin/clang-5.0+0x1f571ba) #1 0x0000000001f54e5e llvm::sys::RunSignalHandlers() (/mnt/b/sanitizer-buildbot2/sanitizer-x86_64-linux-bootstrap/build/llvm_build0/bin/clang-5.0+0x1f54e5e) #2 0x0000000001f54fd2 SignalHandler(int) (/mnt/b/sanitizer-buildbot2/sanitizer-x86_64-linux-bootstrap/build/llvm_build0/bin/clang-5.0+0x1f54fd2) #3 0x00007f7decc81390 __restore_rt (/lib/x86_64-linux-gnu/libpthread.so.0+0x11390) #4 0x00007f7debc0e428 gsignal (/lib/x86_64-linux-gnu/libc.so.6+0x35428) #5 0x00007f7debc1002a abort (/lib/x86_64-linux-gnu/libc.so.6+0x3702a) #6 0x00007f7debc06bd7 (/lib/x86_64-linux-gnu/libc.so.6+0x2dbd7) #7 0x00007f7debc06c82 (/lib/x86_64-linux-gnu/libc.so.6+0x2dc82) #8 0x0000000002155ded llvm::IRBuilder<llvm::ConstantFolder, clang::CodeGen::CGBuilderInserter>::CreateICmp(llvm::CmpInst::Predicate, llvm::Value*, llvm::Value*, llvm::Twine const&) (/mnt/b/sanitizer-buildbot2/sanitizer-x86_64-linux-bootstrap/build/llvm_build0/bin/clang-5.0+0x2155ded) #9 0x00000000022ade21 clang::CodeGen::CodeGenFunction::EmitScalarRangeCheck(llvm::Value*, clang::QualType, clang::SourceLocation) (/mnt/b/sanitizer-buildbot2/sanitizer-x86_64-linux-bootstrap/build/llvm_build0/bin/clang-5.0+0x22ade21) #10 0x00000000022af0ce clang::CodeGen::CodeGenFunction::EmitLoadOfBitfieldLValue(clang::CodeGen::LValue, clang::SourceLocation) (/mnt/b/sanitizer-buildbot2/sanitizer-x86_64-linux-bootstrap/build/llvm_build0/bin/clang-5.0+0x22af0ce) #11 0x00000000022af48f clang::CodeGen::CodeGenFunction::EmitLoadOfLValue(clang::CodeGen::LValue, clang::SourceLocation) 
(/mnt/b/sanitizer-buildbot2/sanitizer-x86_64-linux-bootstrap/build/llvm_build0/bin/clang-5.0+0x22af48f) #12 0x00000000022df2ab (anonymous namespace)::ScalarExprEmitter::EmitLoadOfLValue(clang::Expr const*) (/mnt/b/sanitizer-buildbot2/sanitizer-x86_64-linux-bootstrap/build/llvm_build0/bin/clang-5.0+0x22df2ab) #13 0x0000000000870194 (anonymous namespace)::ScalarExprEmitter::VisitMemberExpr(clang::MemberExpr*) (/mnt/b/sanitizer-buildbot2/sanitizer-x86_64-linux-bootstrap/build/llvm_build0/bin/clang-5.0+0x870194) #14 0x00000000022dd7a4 (anonymous namespace)::ScalarExprEmitter::Visit(clang::Expr*) (/mnt/b/sanitizer-buildbot2/sanitizer-x86_64-linux-bootstrap/build/llvm_build0/bin/clang-5.0+0x22dd7a4) #15 0x0000000000870973 (anonymous namespace)::ScalarExprEmitter::VisitCastExpr(clang::CastExpr*) (/mnt/b/sanitizer-buildbot2/sanitizer-x86_64-linux-bootstrap/build/llvm_build0/bin/clang-5.0+0x870973) #16 0x00000000022ddad0 (anonymous namespace)::ScalarExprEmitter::Visit(clang::Expr*) (/mnt/b/sanitizer-buildbot2/sanitizer-x86_64-linux-bootstrap/build/llvm_build0/bin/clang-5.0+0x22ddad0) #17 0x00000000022de763 clang::CodeGen::CodeGenFunction::EmitScalarExpr(clang::Expr const*, bool) (/mnt/b/sanitizer-buildbot2/sanitizer-x86_64-linux-bootstrap/build/llvm_build0/bin/clang-5.0+0x22de763) #18 0x00000000022a023d clang::CodeGen::CodeGenFunction::EvaluateExprAsBool(clang::Expr const*) (/mnt/b/sanitizer-buildbot2/sanitizer-x86_64-linux-bootstrap/build/llvm_build0/bin/clang-5.0+0x22a023d) #19 0x000000000217f789 clang::CodeGen::CodeGenFunction::EmitBranchOnBoolExpr(clang::Expr const*, llvm::BasicBlock*, llvm::BasicBlock*, unsigned long) (/mnt/b/sanitizer-buildbot2/sanitizer-x86_64-linux-bootstrap/build/llvm_build0/bin/clang-5.0+0x217f789) #20 0x000000000217fdaf clang::CodeGen::CodeGenFunction::EmitBranchOnBoolExpr(clang::Expr const*, llvm::BasicBlock*, llvm::BasicBlock*, unsigned long) (/mnt/b/sanitizer-buildbot2/sanitizer-x86_64-linux-bootstrap/build/llvm_build0/bin/clang-5.0+0x217fdaf) 
#21 0x0000000002148c63 clang::CodeGen::CodeGenFunction::EmitIfStmt(clang::IfStmt const&) (/mnt/b/sanitizer-buildbot2/sanitizer-x86_64-linux-bootstrap/build/llvm_build0/bin/clang-5.0+0x2148c63) #22 0x0000000002147b57 clang::CodeGen::CodeGenFunction::EmitStmt(clang::Stmt const*) (/mnt/b/sanitizer-buildbot2/sanitizer-x86_64-linux-bootstrap/build/llvm_build0/bin/clang-5.0+0x2147b57) #23 0x00000000021485ef clang::CodeGen::CodeGenFunction::EmitCompoundStmtWithoutScope(clang::CompoundStmt const&, bool, clang::CodeGen::AggValueSlot) (/mnt/b/sanitizer-buildbot2/sanitizer-x86_64-linux-bootstrap/build/llvm_build0/bin/clang-5.0+0x21485ef) #24 0x00000000021488f7 clang::CodeGen::CodeGenFunction::EmitCompoundStmt(clang::CompoundStmt const&, bool, clang::CodeGen::AggValueSlot) (/mnt/b/sanitizer-buildbot2/sanitizer-x86_64-linux-bootstrap/build/llvm_build0/bin/clang-5.0+0x21488f7) #25 0x000000000214b7b3 clang::CodeGen::CodeGenFunction::EmitSimpleStmt(clang::Stmt const*) (/mnt/b/sanitizer-buildbot2/sanitizer-x86_64-linux-bootstrap/build/llvm_build0/bin/clang-5.0+0x214b7b3) #26 0x0000000002147435 clang::CodeGen::CodeGenFunction::EmitStmt(clang::Stmt const*) (/mnt/b/sanitizer-buildbot2/sanitizer-x86_64-linux-bootstrap/build/llvm_build0/bin/clang-5.0+0x2147435) #27 0x000000000227d4cc clang::CodeGen::CodeGenFunction::EmitDestructorBody(clang::CodeGen::FunctionArgList&) (/mnt/b/sanitizer-buildbot2/sanitizer-x86_64-linux-bootstrap/build/llvm_build0/bin/clang-5.0+0x227d4cc) #28 0x0000000002185ceb clang::CodeGen::CodeGenFunction::GenerateCode(clang::GlobalDecl, llvm::Function*, clang::CodeGen::CGFunctionInfo const&) (/mnt/b/sanitizer-buildbot2/sanitizer-x86_64-linux-bootstrap/build/llvm_build0/bin/clang-5.0+0x2185ceb) #29 0x000000000224e2f8 clang::CodeGen::CodeGenModule::codegenCXXStructor(clang::CXXMethodDecl const*, clang::CodeGen::StructorType) (/mnt/b/sanitizer-buildbot2/sanitizer-x86_64-linux-bootstrap/build/llvm_build0/bin/clang-5.0+0x224e2f8) #30 0x00000000021e8eb2 (anonymous 
namespace)::ItaniumCXXABI::emitCXXStructor(clang::CXXMethodDecl const*, clang::CodeGen::StructorType) (/mnt/b/sanitizer-buildbot2/sanitizer-x86_64-linux-bootstrap/build/llvm_build0/bin/clang-5.0+0x21e8eb2) #31 0x00000000021b626d clang::CodeGen::CodeGenModule::EmitGlobalDefinition(clang::GlobalDecl, llvm::GlobalValue*) (/mnt/b/sanitizer-buildbot2/sanitizer-x86_64-linux-bootstrap/build/llvm_build0/bin/clang-5.0+0x21b626d) #32 0x00000000021b64cc clang::CodeGen::CodeGenModule::EmitDeferred() (/mnt/b/sanitizer-buildbot2/sanitizer-x86_64-linux-bootstrap/build/llvm_build0/bin/clang-5.0+0x21b64cc) #33 0x00000000021b64e6 clang::CodeGen::CodeGenModule::EmitDeferred() (/mnt/b/sanitizer-buildbot2/sanitizer-x86_64-linux-bootstrap/build/llvm_build0/bin/clang-5.0+0x21b64e6) #34 0x00000000021b6684 clang::CodeGen::CodeGenModule::Release() (/mnt/b/sanitizer-buildbot2/sanitizer-x86_64-linux-bootstrap/build/llvm_build0/bin/clang-5.0+0x21b6684) #35 0x00000000027bfd37 (anonymous namespace)::CodeGeneratorImpl::HandleTranslationUnit(clang::ASTContext&) (/mnt/b/sanitizer-buildbot2/sanitizer-x86_64-linux-bootstrap/build/llvm_build0/bin/clang-5.0+0x27bfd37) #36 0x00000000027be875 clang::BackendConsumer::HandleTranslationUnit(clang::ASTContext&) (/mnt/b/sanitizer-buildbot2/sanitizer-x86_64-linux-bootstrap/build/llvm_build0/bin/clang-5.0+0x27be875) #37 0x0000000002b5c578 clang::ParseAST(clang::Sema&, bool, bool) (/mnt/b/sanitizer-buildbot2/sanitizer-x86_64-linux-bootstrap/build/llvm_build0/bin/clang-5.0+0x2b5c578) #38 0x00000000027bdb5a clang::CodeGenAction::ExecuteAction() (/mnt/b/sanitizer-buildbot2/sanitizer-x86_64-linux-bootstrap/build/llvm_build0/bin/clang-5.0+0x27bdb5a) #39 0x000000000248e3f6 clang::FrontendAction::Execute() (/mnt/b/sanitizer-buildbot2/sanitizer-x86_64-linux-bootstrap/build/llvm_build0/bin/clang-5.0+0x248e3f6) #40 0x0000000002460d46 clang::CompilerInstance::ExecuteAction(clang::FrontendAction&) 
(/mnt/b/sanitizer-buildbot2/sanitizer-x86_64-linux-bootstrap/build/llvm_build0/bin/clang-5.0+0x2460d46) #41 0x000000000251658a clang::ExecuteCompilerInvocation(clang::CompilerInstance*) (/mnt/b/sanitizer-buildbot2/sanitizer-x86_64-linux-bootstrap/build/llvm_build0/bin/clang-5.0+0x251658a) #42 0x0000000000a6e328 cc1_main(llvm::ArrayRef<char const*>, char const*, void*) (/mnt/b/sanitizer-buildbot2/sanitizer-x86_64-linux-bootstrap/build/llvm_build0/bin/clang-5.0+0xa6e328) #43 0x0000000000a028cc main (/mnt/b/sanitizer-buildbot2/sanitizer-x86_64-linux-bootstrap/build/llvm_build0/bin/clang-5.0+0xa028cc)
On Wed, Mar 8, 2017 at 9:38 AM, Vedant Kumar via cfe-commits <cfe-commits@lists.llvm.org> wrote:
> Author: vedantk
> Date: Wed Mar 8 11:38:57 2017
> New Revision: 297298
>
> URL: http://llvm.org/viewvc/llvm-project?rev=297298&view=rev
> Log:
> [ubsan] Detect UB loads from bitfields
>
> It's possible to load out-of-range values from bitfields backed by a
> boolean or an enum. Check for UB loads from bitfields.
>
> This is the motivating example:
>
> struct S {
> BOOL b : 1; // Signed ObjC BOOL.
> };
>
> S s;
> s.b = 1; // This is actually stored as -1.
> if (s.b == 1) // Evaluates to false, -1 != 1.
> ...
>
> Differential Revision: https://reviews.llvm.org/D30423
>
> Added:
> cfe/trunk/test/CodeGenCXX/ubsan-bitfields.cpp
> Modified:
> cfe/trunk/lib/CodeGen/CGAtomic.cpp
> cfe/trunk/lib/CodeGen/CGExpr.cpp
> cfe/trunk/lib/CodeGen/CodeGenFunction.h
> cfe/trunk/test/CodeGenObjC/ubsan-bool.m
>
> Modified: cfe/trunk/lib/CodeGen/CGAtomic.cpp
> URL:
> http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/CodeGen/CGAtomic.cpp?rev=297298&r1=297297&r2=297298&view=diff
> ==============================================================================
> --- cfe/trunk/lib/CodeGen/CGAtomic.cpp (original)
> +++ cfe/trunk/lib/CodeGen/CGAtomic.cpp Wed Mar 8 11:38:57 2017
> @@ -1181,7 +1181,7 @@ RValue AtomicInfo::convertAtomicTempToRV
> if (LVal.isBitField())
> return CGF.EmitLoadOfBitfieldLValue(
> LValue::MakeBitfield(addr, LVal.getBitFieldInfo(), LVal.getType(),
> - LVal.getAlignmentSource()));
> + LVal.getAlignmentSource()), loc);
> if (LVal.isVectorElt())
> return CGF.EmitLoadOfLValue(
> LValue::MakeVectorElt(addr, LVal.getVectorIdx(), LVal.getType(),
>
> Modified: cfe/trunk/lib/CodeGen/CGExpr.cpp
> URL:
> http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/CodeGen/CGExpr.cpp?rev=297298&r1=297297&r2=297298&view=diff
> ==============================================================================
> --- cfe/trunk/lib/CodeGen/CGExpr.cpp (original)
> +++ cfe/trunk/lib/CodeGen/CGExpr.cpp Wed Mar 8 11:38:57 2017
> @@ -1549,10 +1549,11 @@ RValue CodeGenFunction::EmitLoadOfLValue
> return EmitLoadOfGlobalRegLValue(LV);
>
> assert(LV.isBitField() && "Unknown LValue type!");
> - return EmitLoadOfBitfieldLValue(LV);
> + return EmitLoadOfBitfieldLValue(LV, Loc);
> }
>
> -RValue CodeGenFunction::EmitLoadOfBitfieldLValue(LValue LV) {
> +RValue CodeGenFunction::EmitLoadOfBitfieldLValue(LValue LV,
> + SourceLocation Loc) {
> const CGBitFieldInfo &Info = LV.getBitFieldInfo();
>
> // Get the output type.
> @@ -1577,7 +1578,7 @@ RValue CodeGenFunction::EmitLoadOfBitfie
> "bf.clear");
> }
> Val = Builder.CreateIntCast(Val, ResLTy, Info.IsSigned, "bf.cast");
> -
> + EmitScalarRangeCheck(Val, LV.getType(), Loc);
> return RValue::get(Val);
> }
>
>
> Modified: cfe/trunk/lib/CodeGen/CodeGenFunction.h
> URL:
> http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/CodeGen/CodeGenFunction.h?rev=297298&r1=297297&r2=297298&view=diff
> ==============================================================================
> --- cfe/trunk/lib/CodeGen/CodeGenFunction.h (original)
> +++ cfe/trunk/lib/CodeGen/CodeGenFunction.h Wed Mar 8 11:38:57 2017
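Review bot: In the second CGExpr hunk, `EmitScalarRangeCheck(Val, LV.getType(), Loc)` is applied to `Val` after `CreateIntCast` to `ResLTy`, the scalar type of the bitfield (computed just after the `// Get the output type.` comment, outside the hunk); for a C++ `bool` field that is an `i1`, while the check's bound constants are presumably sized from the AST type's width (8 bits for `bool`), so the ICmp receives operands of different widths — which matches the `ICmpInst::AssertOK` failure in the bootstrap trace above, reached from exactly this call. A 1-bit value cannot be out of range for a boolean, so the cheapest guard is to skip the check when the result is a single bit: `if (!ResLTy->isIntegerTy(1)) EmitScalarRangeCheck(Val, LV.getType(), Loc);` — or, equivalently, an early return for 1-bit boolean values inside `EmitScalarRangeCheck`, whose body is not part of this patch. The Objective-C `BOOL` case is an `i8` (as the new ubsan-bool.m checks show) and is unaffected. The rest of `EmitLoadOfBitfieldLValue`'s body between the two CGExpr hunks is outside the patch.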
> @@ -2943,7 +2943,7 @@ public:
> /// rvalue, returning the rvalue.
> RValue EmitLoadOfLValue(LValue V, SourceLocation Loc);
> RValue EmitLoadOfExtVectorElementLValue(LValue V);
> - RValue EmitLoadOfBitfieldLValue(LValue LV);
> + RValue EmitLoadOfBitfieldLValue(LValue LV, SourceLocation Loc);
> RValue EmitLoadOfGlobalRegLValue(LValue LV);
>
> /// EmitStoreThroughLValue - Store the specified rvalue into the specified
>
> Added: cfe/trunk/test/CodeGenCXX/ubsan-bitfields.cpp
> URL:
> http://llvm.org/viewvc/llvm-project/cfe/trunk/test/CodeGenCXX/ubsan-bitfields.cpp?rev=297298&view=auto
> ==============================================================================
> --- cfe/trunk/test/CodeGenCXX/ubsan-bitfields.cpp (added)
> +++ cfe/trunk/test/CodeGenCXX/ubsan-bitfields.cpp Wed Mar 8 11:38:57 2017
> @@ -0,0 +1,21 @@
> +// RUN: %clang_cc1 -std=c++11 -triple x86_64-apple-darwin10 -emit-llvm -o -
> %s -fsanitize=enum | FileCheck %s
> +
> +enum E {
> + a = 1,
> + b = 2,
> + c = 3
> +};
> +
> +struct S {
> + E e1 : 10;
> +};
> +
> +// CHECK-LABEL: define i32 @_Z4loadP1S
> +E load(S *s) {
> + // CHECK: [[LOAD:%.*]] = load i16, i16* {{.*}}
> + // CHECK: [[CLEAR:%.*]] = and i16 [[LOAD]], 1023
> + // CHECK: [[CAST:%.*]] = zext i16 [[CLEAR]] to i32
> + // CHECK: icmp ule i32 [[CAST]], 3, !nosanitize
> + // CHECK: call void @__ubsan_handle_load_invalid_value
> + return s->e1;
> +}
>
> Modified: cfe/trunk/test/CodeGenObjC/ubsan-bool.m
> URL:
> http://llvm.org/viewvc/llvm-project/cfe/trunk/test/CodeGenObjC/ubsan-bool.m?rev=297298&r1=297297&r2=297298&view=diff
> ==============================================================================
> --- cfe/trunk/test/CodeGenObjC/ubsan-bool.m (original)
> +++ cfe/trunk/test/CodeGenObjC/ubsan-bool.m Wed Mar 8 11:38:57 2017
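Review bot: The new `SourceLocation Loc` parameter on `EmitLoadOfBitfieldLValue` in CodeGenFunction.h is undocumented, while the neighbouring `EmitLoadOfLValue` declaration carries a `///` comment, so a reader of the header cannot tell what the location is for. Suggest adding above the declaration: `/// Load a bitfield lvalue; Loc is the source location reported by the -fsanitize=bool/enum range check if the loaded value is out of range for its type.`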
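Review bot: The new ubsan-bitfields.cpp test only exercises an enum bitfield under `-fsanitize=enum`, yet the same `EmitLoadOfBitfieldLValue` path now runs the range check for C++ `bool` bitfields under `-fsanitize=bool`, and that configuration is the one the bootstrap assertion reported above (ICmp operand type mismatch reached from EmitLoadOfBitfieldLValue) is consistent with. A second RUN line with `-fsanitize=bool` plus a constructed sample such as `struct B { bool b : 1; };` and `bool load_b(B *p) { return p->b; }`, with CHECK lines pinning whether `__ubsan_handle_load_invalid_value` is or is not called, would have caught the crash before commit. The enum case should also pin the signed variant (`Info.IsSigned` selects a `sext` rather than the `zext` checked here) if that path is meant to be supported.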
> @@ -1,5 +1,5 @@
> -// RUN: %clang_cc1 -x objective-c -emit-llvm -triple
> x86_64-apple-macosx10.10.0 -fsanitize=bool %s -o - | FileCheck %s
> -check-prefixes=SHARED,OBJC
> -// RUN: %clang_cc1 -x objective-c++ -emit-llvm -triple
> x86_64-apple-macosx10.10.0 -fsanitize=bool %s -o - | FileCheck %s
> -check-prefixes=SHARED,OBJC
> +// RUN: %clang_cc1 -x objective-c -emit-llvm -triple
> x86_64-apple-macosx10.10.0 -fsanitize=bool %s -o - -w | FileCheck %s
> -check-prefixes=SHARED,OBJC
> +// RUN: %clang_cc1 -x objective-c++ -emit-llvm -triple
> x86_64-apple-macosx10.10.0 -fsanitize=bool %s -o - -w | FileCheck %s
> -check-prefixes=SHARED,OBJC
> // RUN: %clang_cc1 -x c -emit-llvm -triple x86_64-apple-macosx10.10.0
> -fsanitize=bool %s -o - | FileCheck %s -check-prefixes=SHARED,C
>
> typedef signed char BOOL;
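Review bot: The two Objective-C RUN lines now pass `-w`, which silences every warning rather than only the one the new 1-bit `BOOL` bitfields in this file presumably trigger; a targeted `-Wno-<the specific warning>` keeps unrelated diagnostics visible and records why the suppression exists. If the intent is merely to keep the FileCheck input clean, a one-line comment next to the RUN lines naming the warning being suppressed would serve the next reader equally well.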
> @@ -10,4 +10,57 @@ BOOL f1() {
> // C-NOT: call void @__ubsan_handle_load_invalid_value
> BOOL a = 2;
> return a + 1;
> + // SHARED: ret i8
> }
> +
> +struct S1 {
> + BOOL b1 : 1;
> +};
> +
> +// SHARED-LABEL: f2
> +BOOL f2(struct S1 *s) {
> + // OBJC: [[LOAD:%.*]] = load i8, i8* {{.*}}
> + // OBJC: [[SHL:%.*]] = shl i8 [[LOAD]], 7
> + // OBJC: [[ASHR:%.*]] = ashr i8 [[SHL]], 7
> + // OBJC: icmp ule i8 [[ASHR]], 1, !nosanitize
> + // OBJC: call void @__ubsan_handle_load_invalid_value
> +
> + // C-NOT: call void @__ubsan_handle_load_invalid_value
> + return s->b1;
> + // SHARED: ret i8
> +}
> +
> +#ifdef __OBJC__
> +@interface I1 {
> +@public
> + BOOL b1 : 1;
> +}
> +@property (nonatomic) BOOL b1;
> +@end
> +@implementation I1
> +@synthesize b1;
> +@end
> +
> +// Check the synthesized getter.
> +// OBJC-LABEL: define internal signext i8 @"\01-[I1 b1]"
> +// OBJC: [[IVAR:%.*]] = load i64, i64* @"OBJC_IVAR_$_I1.b1"
> +// OBJC: [[ADDR:%.*]] = getelementptr inbounds i8, i8* {{.*}}, i64 [[IVAR]]
> +// OBJC: [[LOAD:%.*]] = load i8, i8* {{.*}}
> +// OBJC: [[SHL:%.*]] = shl i8 [[LOAD]], 7
> +// OBJC: [[ASHR:%.*]] = ashr i8 [[SHL]], 7
> +// OBJC: icmp ule i8 [[ASHR]], 1, !nosanitize
> +// OBJC: call void @__ubsan_handle_load_invalid_value
> +
> +// Also check direct accesses to the ivar.
> +// OBJC-LABEL: f3
> +BOOL f3(I1 *i) {
> + // OBJC: [[LOAD:%.*]] = load i8, i8* {{.*}}
> + // OBJC: [[SHL:%.*]] = shl i8 [[LOAD]], 7
> + // OBJC: [[ASHR:%.*]] = ashr i8 [[SHL]], 7
> + // OBJC: icmp ule i8 [[ASHR]], 1, !nosanitize
> + // OBJC: call void @__ubsan_handle_load_invalid_value
> +
> + return i->b1;
> + // OBJC: ret i8
> +}
> +#endif /* __OBJC__ */
>
>
> _______________________________________________
> cfe-commits mailing list
> cfe-commits@lists.llvm.org
> http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
_______________________________________________
cfe-commits mailing list
cfe-commits@lists.llvm.org
http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits