Reverted in r297331. vedant
> On Mar 8, 2017, at 4:25 PM, Evgenii Stepanov <eugeni.stepa...@gmail.com> > wrote: > > This is crashing ubsan bootstrap: > > http://lab.llvm.org:8011/builders/sanitizer-x86_64-linux-bootstrap/builds/962/steps/build%20clang%2Fubsan/logs/stdio > > clang-5.0: > /mnt/b/sanitizer-buildbot2/sanitizer-x86_64-linux-bootstrap/build/llvm/include/llvm/IR/Instructions.h:1110: > void llvm::ICmpInst::AssertOK(): Assertion `getOperand(0)->getType() > == getOperand(1)->getType() && "Both operands to ICmp instruction are > not of the same type!"' failed. > #0 0x0000000001f571ba llvm::sys::PrintStackTrace(llvm::raw_ostream&) > (/mnt/b/sanitizer-buildbot2/sanitizer-x86_64-linux-bootstrap/build/llvm_build0/bin/clang-5.0+0x1f571ba) > #1 0x0000000001f54e5e llvm::sys::RunSignalHandlers() > (/mnt/b/sanitizer-buildbot2/sanitizer-x86_64-linux-bootstrap/build/llvm_build0/bin/clang-5.0+0x1f54e5e) > #2 0x0000000001f54fd2 SignalHandler(int) > (/mnt/b/sanitizer-buildbot2/sanitizer-x86_64-linux-bootstrap/build/llvm_build0/bin/clang-5.0+0x1f54fd2) > #3 0x00007f7decc81390 __restore_rt > (/lib/x86_64-linux-gnu/libpthread.so.0+0x11390) > #4 0x00007f7debc0e428 gsignal (/lib/x86_64-linux-gnu/libc.so.6+0x35428) > #5 0x00007f7debc1002a abort (/lib/x86_64-linux-gnu/libc.so.6+0x3702a) > #6 0x00007f7debc06bd7 (/lib/x86_64-linux-gnu/libc.so.6+0x2dbd7) > #7 0x00007f7debc06c82 (/lib/x86_64-linux-gnu/libc.so.6+0x2dc82) > #8 0x0000000002155ded llvm::IRBuilder<llvm::ConstantFolder, > clang::CodeGen::CGBuilderInserter>::CreateICmp(llvm::CmpInst::Predicate, > llvm::Value*, llvm::Value*, llvm::Twine const&) > (/mnt/b/sanitizer-buildbot2/sanitizer-x86_64-linux-bootstrap/build/llvm_build0/bin/clang-5.0+0x2155ded) > #9 0x00000000022ade21 > clang::CodeGen::CodeGenFunction::EmitScalarRangeCheck(llvm::Value*, > clang::QualType, clang::SourceLocation) > (/mnt/b/sanitizer-buildbot2/sanitizer-x86_64-linux-bootstrap/build/llvm_build0/bin/clang-5.0+0x22ade21) > #10 0x00000000022af0ce > 
clang::CodeGen::CodeGenFunction::EmitLoadOfBitfieldLValue(clang::CodeGen::LValue, > clang::SourceLocation) > (/mnt/b/sanitizer-buildbot2/sanitizer-x86_64-linux-bootstrap/build/llvm_build0/bin/clang-5.0+0x22af0ce) > #11 0x00000000022af48f > clang::CodeGen::CodeGenFunction::EmitLoadOfLValue(clang::CodeGen::LValue, > clang::SourceLocation) > (/mnt/b/sanitizer-buildbot2/sanitizer-x86_64-linux-bootstrap/build/llvm_build0/bin/clang-5.0+0x22af48f) > #12 0x00000000022df2ab (anonymous > namespace)::ScalarExprEmitter::EmitLoadOfLValue(clang::Expr const*) > (/mnt/b/sanitizer-buildbot2/sanitizer-x86_64-linux-bootstrap/build/llvm_build0/bin/clang-5.0+0x22df2ab) > #13 0x0000000000870194 (anonymous > namespace)::ScalarExprEmitter::VisitMemberExpr(clang::MemberExpr*) > (/mnt/b/sanitizer-buildbot2/sanitizer-x86_64-linux-bootstrap/build/llvm_build0/bin/clang-5.0+0x870194) > #14 0x00000000022dd7a4 (anonymous > namespace)::ScalarExprEmitter::Visit(clang::Expr*) > (/mnt/b/sanitizer-buildbot2/sanitizer-x86_64-linux-bootstrap/build/llvm_build0/bin/clang-5.0+0x22dd7a4) > #15 0x0000000000870973 (anonymous > namespace)::ScalarExprEmitter::VisitCastExpr(clang::CastExpr*) > (/mnt/b/sanitizer-buildbot2/sanitizer-x86_64-linux-bootstrap/build/llvm_build0/bin/clang-5.0+0x870973) > #16 0x00000000022ddad0 (anonymous > namespace)::ScalarExprEmitter::Visit(clang::Expr*) > (/mnt/b/sanitizer-buildbot2/sanitizer-x86_64-linux-bootstrap/build/llvm_build0/bin/clang-5.0+0x22ddad0) > #17 0x00000000022de763 > clang::CodeGen::CodeGenFunction::EmitScalarExpr(clang::Expr const*, > bool) > (/mnt/b/sanitizer-buildbot2/sanitizer-x86_64-linux-bootstrap/build/llvm_build0/bin/clang-5.0+0x22de763) > #18 0x00000000022a023d > clang::CodeGen::CodeGenFunction::EvaluateExprAsBool(clang::Expr > const*) > (/mnt/b/sanitizer-buildbot2/sanitizer-x86_64-linux-bootstrap/build/llvm_build0/bin/clang-5.0+0x22a023d) > #19 0x000000000217f789 > clang::CodeGen::CodeGenFunction::EmitBranchOnBoolExpr(clang::Expr > const*, 
llvm::BasicBlock*, llvm::BasicBlock*, unsigned long) > (/mnt/b/sanitizer-buildbot2/sanitizer-x86_64-linux-bootstrap/build/llvm_build0/bin/clang-5.0+0x217f789) > #20 0x000000000217fdaf > clang::CodeGen::CodeGenFunction::EmitBranchOnBoolExpr(clang::Expr > const*, llvm::BasicBlock*, llvm::BasicBlock*, unsigned long) > (/mnt/b/sanitizer-buildbot2/sanitizer-x86_64-linux-bootstrap/build/llvm_build0/bin/clang-5.0+0x217fdaf) > #21 0x0000000002148c63 > clang::CodeGen::CodeGenFunction::EmitIfStmt(clang::IfStmt const&) > (/mnt/b/sanitizer-buildbot2/sanitizer-x86_64-linux-bootstrap/build/llvm_build0/bin/clang-5.0+0x2148c63) > #22 0x0000000002147b57 > clang::CodeGen::CodeGenFunction::EmitStmt(clang::Stmt const*) > (/mnt/b/sanitizer-buildbot2/sanitizer-x86_64-linux-bootstrap/build/llvm_build0/bin/clang-5.0+0x2147b57) > #23 0x00000000021485ef > clang::CodeGen::CodeGenFunction::EmitCompoundStmtWithoutScope(clang::CompoundStmt > const&, bool, clang::CodeGen::AggValueSlot) > (/mnt/b/sanitizer-buildbot2/sanitizer-x86_64-linux-bootstrap/build/llvm_build0/bin/clang-5.0+0x21485ef) > #24 0x00000000021488f7 > clang::CodeGen::CodeGenFunction::EmitCompoundStmt(clang::CompoundStmt > const&, bool, clang::CodeGen::AggValueSlot) > (/mnt/b/sanitizer-buildbot2/sanitizer-x86_64-linux-bootstrap/build/llvm_build0/bin/clang-5.0+0x21488f7) > #25 0x000000000214b7b3 > clang::CodeGen::CodeGenFunction::EmitSimpleStmt(clang::Stmt const*) > (/mnt/b/sanitizer-buildbot2/sanitizer-x86_64-linux-bootstrap/build/llvm_build0/bin/clang-5.0+0x214b7b3) > #26 0x0000000002147435 > clang::CodeGen::CodeGenFunction::EmitStmt(clang::Stmt const*) > (/mnt/b/sanitizer-buildbot2/sanitizer-x86_64-linux-bootstrap/build/llvm_build0/bin/clang-5.0+0x2147435) > #27 0x000000000227d4cc > clang::CodeGen::CodeGenFunction::EmitDestructorBody(clang::CodeGen::FunctionArgList&) > (/mnt/b/sanitizer-buildbot2/sanitizer-x86_64-linux-bootstrap/build/llvm_build0/bin/clang-5.0+0x227d4cc) > #28 0x0000000002185ceb > 
clang::CodeGen::CodeGenFunction::GenerateCode(clang::GlobalDecl, > llvm::Function*, clang::CodeGen::CGFunctionInfo const&) > (/mnt/b/sanitizer-buildbot2/sanitizer-x86_64-linux-bootstrap/build/llvm_build0/bin/clang-5.0+0x2185ceb) > #29 0x000000000224e2f8 > clang::CodeGen::CodeGenModule::codegenCXXStructor(clang::CXXMethodDecl > const*, clang::CodeGen::StructorType) > (/mnt/b/sanitizer-buildbot2/sanitizer-x86_64-linux-bootstrap/build/llvm_build0/bin/clang-5.0+0x224e2f8) > #30 0x00000000021e8eb2 (anonymous > namespace)::ItaniumCXXABI::emitCXXStructor(clang::CXXMethodDecl > const*, clang::CodeGen::StructorType) > (/mnt/b/sanitizer-buildbot2/sanitizer-x86_64-linux-bootstrap/build/llvm_build0/bin/clang-5.0+0x21e8eb2) > #31 0x00000000021b626d > clang::CodeGen::CodeGenModule::EmitGlobalDefinition(clang::GlobalDecl, > llvm::GlobalValue*) > (/mnt/b/sanitizer-buildbot2/sanitizer-x86_64-linux-bootstrap/build/llvm_build0/bin/clang-5.0+0x21b626d) > #32 0x00000000021b64cc clang::CodeGen::CodeGenModule::EmitDeferred() > (/mnt/b/sanitizer-buildbot2/sanitizer-x86_64-linux-bootstrap/build/llvm_build0/bin/clang-5.0+0x21b64cc) > #33 0x00000000021b64e6 clang::CodeGen::CodeGenModule::EmitDeferred() > (/mnt/b/sanitizer-buildbot2/sanitizer-x86_64-linux-bootstrap/build/llvm_build0/bin/clang-5.0+0x21b64e6) > #34 0x00000000021b6684 clang::CodeGen::CodeGenModule::Release() > (/mnt/b/sanitizer-buildbot2/sanitizer-x86_64-linux-bootstrap/build/llvm_build0/bin/clang-5.0+0x21b6684) > #35 0x00000000027bfd37 (anonymous > namespace)::CodeGeneratorImpl::HandleTranslationUnit(clang::ASTContext&) > (/mnt/b/sanitizer-buildbot2/sanitizer-x86_64-linux-bootstrap/build/llvm_build0/bin/clang-5.0+0x27bfd37) > #36 0x00000000027be875 > clang::BackendConsumer::HandleTranslationUnit(clang::ASTContext&) > (/mnt/b/sanitizer-buildbot2/sanitizer-x86_64-linux-bootstrap/build/llvm_build0/bin/clang-5.0+0x27be875) > #37 0x0000000002b5c578 clang::ParseAST(clang::Sema&, bool, bool) > 
(/mnt/b/sanitizer-buildbot2/sanitizer-x86_64-linux-bootstrap/build/llvm_build0/bin/clang-5.0+0x2b5c578) > #38 0x00000000027bdb5a clang::CodeGenAction::ExecuteAction() > (/mnt/b/sanitizer-buildbot2/sanitizer-x86_64-linux-bootstrap/build/llvm_build0/bin/clang-5.0+0x27bdb5a) > #39 0x000000000248e3f6 clang::FrontendAction::Execute() > (/mnt/b/sanitizer-buildbot2/sanitizer-x86_64-linux-bootstrap/build/llvm_build0/bin/clang-5.0+0x248e3f6) > #40 0x0000000002460d46 > clang::CompilerInstance::ExecuteAction(clang::FrontendAction&) > (/mnt/b/sanitizer-buildbot2/sanitizer-x86_64-linux-bootstrap/build/llvm_build0/bin/clang-5.0+0x2460d46) > #41 0x000000000251658a > clang::ExecuteCompilerInvocation(clang::CompilerInstance*) > (/mnt/b/sanitizer-buildbot2/sanitizer-x86_64-linux-bootstrap/build/llvm_build0/bin/clang-5.0+0x251658a) > #42 0x0000000000a6e328 cc1_main(llvm::ArrayRef<char const*>, char > const*, void*) > (/mnt/b/sanitizer-buildbot2/sanitizer-x86_64-linux-bootstrap/build/llvm_build0/bin/clang-5.0+0xa6e328) > #43 0x0000000000a028cc main > (/mnt/b/sanitizer-buildbot2/sanitizer-x86_64-linux-bootstrap/build/llvm_build0/bin/clang-5.0+0xa028cc) > > On Wed, Mar 8, 2017 at 9:38 AM, Vedant Kumar via cfe-commits > <cfe-commits@lists.llvm.org> wrote: >> Author: vedantk >> Date: Wed Mar 8 11:38:57 2017 >> New Revision: 297298 >> >> URL: http://llvm.org/viewvc/llvm-project?rev=297298&view=rev >> Log: >> [ubsan] Detect UB loads from bitfields >> >> It's possible to load out-of-range values from bitfields backed by a >> boolean or an enum. Check for UB loads from bitfields. >> >> This is the motivating example: >> >> struct S { >> BOOL b : 1; // Signed ObjC BOOL. >> }; >> >> S s; >> s.b = 1; // This is actually stored as -1. >> if (s.b == 1) // Evaluates to false, -1 != 1. >> ... 
>>
>> Differential Revision: https://reviews.llvm.org/D30423
>>
>> Added:
>> cfe/trunk/test/CodeGenCXX/ubsan-bitfields.cpp
>> Modified:
>> cfe/trunk/lib/CodeGen/CGAtomic.cpp
>> cfe/trunk/lib/CodeGen/CGExpr.cpp
>> cfe/trunk/lib/CodeGen/CodeGenFunction.h
>> cfe/trunk/test/CodeGenObjC/ubsan-bool.m
>>
>> Modified: cfe/trunk/lib/CodeGen/CGAtomic.cpp
>> URL: >> http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/CodeGen/CGAtomic.cpp?rev=297298&r1=297297&r2=297298&view=diff
>> ==============================================================================
>> --- cfe/trunk/lib/CodeGen/CGAtomic.cpp (original)
>> +++ cfe/trunk/lib/CodeGen/CGAtomic.cpp Wed Mar 8 11:38:57 2017
>> @@ -1181,7 +1181,7 @@ RValue AtomicInfo::convertAtomicTempToRV
>> if (LVal.isBitField())
>> return CGF.EmitLoadOfBitfieldLValue(
>> LValue::MakeBitfield(addr, LVal.getBitFieldInfo(), LVal.getType(),
>> - LVal.getAlignmentSource()));
>> + LVal.getAlignmentSource()), loc);
>> if (LVal.isVectorElt())
>> return CGF.EmitLoadOfLValue(
>> LValue::MakeVectorElt(addr, LVal.getVectorIdx(), LVal.getType(),
>>
>> Modified: cfe/trunk/lib/CodeGen/CGExpr.cpp
>> URL: >> http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/CodeGen/CGExpr.cpp?rev=297298&r1=297297&r2=297298&view=diff
>> ==============================================================================
>> --- cfe/trunk/lib/CodeGen/CGExpr.cpp (original)
>> +++ cfe/trunk/lib/CodeGen/CGExpr.cpp Wed Mar 8 11:38:57 2017
>> @@ -1549,10 +1549,11 @@ RValue CodeGenFunction::EmitLoadOfLValue
>> return EmitLoadOfGlobalRegLValue(LV);
>>
>> assert(LV.isBitField() && "Unknown LValue type!");
>> - return EmitLoadOfBitfieldLValue(LV);
>> + return EmitLoadOfBitfieldLValue(LV, Loc);
>> }
>>
>> -RValue CodeGenFunction::EmitLoadOfBitfieldLValue(LValue LV) {
>> +RValue CodeGenFunction::EmitLoadOfBitfieldLValue(LValue LV,
>> + SourceLocation Loc) {
>> const CGBitFieldInfo &Info = LV.getBitFieldInfo();
>>
>> // Get the output type.
>> @@ -1577,7 +1578,7 @@ RValue CodeGenFunction::EmitLoadOfBitfie
>> "bf.clear");
>> }
>> Val = Builder.CreateIntCast(Val, ResLTy, Info.IsSigned, "bf.cast");
>> -
>> + EmitScalarRangeCheck(Val, LV.getType(), Loc);
>> return RValue::get(Val);
>> }
>>
>>
>> Modified: cfe/trunk/lib/CodeGen/CodeGenFunction.h
>> URL: >> http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/CodeGen/CodeGenFunction.h?rev=297298&r1=297297&r2=297298&view=diff
>> ==============================================================================
>> --- cfe/trunk/lib/CodeGen/CodeGenFunction.h (original)
>> +++ cfe/trunk/lib/CodeGen/CodeGenFunction.h Wed Mar 8 11:38:57 2017
>> @@ -2943,7 +2943,7 @@ public:
>> /// rvalue, returning the rvalue.
>> RValue EmitLoadOfLValue(LValue V, SourceLocation Loc);
>> RValue EmitLoadOfExtVectorElementLValue(LValue V);
>> - RValue EmitLoadOfBitfieldLValue(LValue LV);
>> + RValue EmitLoadOfBitfieldLValue(LValue LV, SourceLocation Loc);
>> RValue EmitLoadOfGlobalRegLValue(LValue LV);
>>
>> /// EmitStoreThroughLValue - Store the specified rvalue into the specified
>>
>> Added: cfe/trunk/test/CodeGenCXX/ubsan-bitfields.cpp
>> URL: >> http://llvm.org/viewvc/llvm-project/cfe/trunk/test/CodeGenCXX/ubsan-bitfields.cpp?rev=297298&view=auto
>> ==============================================================================
>> --- cfe/trunk/test/CodeGenCXX/ubsan-bitfields.cpp (added)
>> +++ cfe/trunk/test/CodeGenCXX/ubsan-bitfields.cpp Wed Mar 8 11:38:57 2017
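Review bot: The added `EmitScalarRangeCheck(Val, LV.getType(), Loc)` runs on `Val` after it has been cast to `ResLTy`, which for a C++ `bool` bitfield is presumably `i1`, while the bounds the check compares against appear to be built at the type's in-memory width; that mismatch is consistent with the `ICmpInst::AssertOK` failure reported above, whose stack reaches `EmitScalarRangeCheck` from `EmitLoadOfBitfieldLValue`. A 1-bit value cannot be out of range for `bool`, so the check can simply be skipped in that case, e.g. `if (!ResLTy->isIntegerTy(1)) EmitScalarRangeCheck(Val, LV.getType(), Loc);` here, or an equivalent early return inside `EmitScalarRangeCheck`, which is not part of this message. Neither new test covers this case: ubsan-bool.m uses `typedef signed char BOOL` and ubsan-bitfields.cpp an enum, so a C++ `bool b : 1;` member loaded under `-fsanitize=bool` should be added. The start of `EmitLoadOfBitfieldLValue`, including the definition of `ResLTy`, lies outside this hunk.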
>> @@ -0,0 +1,21 @@
>> +// RUN: %clang_cc1 -std=c++11 -triple x86_64-apple-darwin10 -emit-llvm -o - >> %s -fsanitize=enum | FileCheck %s
>> +
>> +enum E {
>> + a = 1,
>> + b = 2,
>> + c = 3
>> +};
>> +
>> +struct S {
>> + E e1 : 10;
>> +};
>> +
>> +// CHECK-LABEL: define i32 @_Z4loadP1S
>> +E load(S *s) {
>> + // CHECK: [[LOAD:%.*]] = load i16, i16* {{.*}}
>> + // CHECK: [[CLEAR:%.*]] = and i16 [[LOAD]], 1023
>> + // CHECK: [[CAST:%.*]] = zext i16 [[CLEAR]] to i32
>> + // CHECK: icmp ule i32 [[CAST]], 3, !nosanitize
>> + // CHECK: call void @__ubsan_handle_load_invalid_value
>> + return s->e1;
>> +}
>>
>> Modified: cfe/trunk/test/CodeGenObjC/ubsan-bool.m
>> URL: >> http://llvm.org/viewvc/llvm-project/cfe/trunk/test/CodeGenObjC/ubsan-bool.m?rev=297298&r1=297297&r2=297298&view=diff
>> ==============================================================================
>> --- cfe/trunk/test/CodeGenObjC/ubsan-bool.m (original)
>> +++ cfe/trunk/test/CodeGenObjC/ubsan-bool.m Wed Mar 8 11:38:57 2017
>> @@ -1,5 +1,5 @@
>> -// RUN: %clang_cc1 -x objective-c -emit-llvm -triple >> x86_64-apple-macosx10.10.0 -fsanitize=bool %s -o - | FileCheck %s >> -check-prefixes=SHARED,OBJC
>> -// RUN: %clang_cc1 -x objective-c++ -emit-llvm -triple >> x86_64-apple-macosx10.10.0 -fsanitize=bool %s -o - | FileCheck %s >> -check-prefixes=SHARED,OBJC
>> +// RUN: %clang_cc1 -x objective-c -emit-llvm -triple >> x86_64-apple-macosx10.10.0 -fsanitize=bool %s -o - -w | FileCheck %s >> -check-prefixes=SHARED,OBJC
>> +// RUN: %clang_cc1 -x objective-c++ -emit-llvm -triple >> x86_64-apple-macosx10.10.0 -fsanitize=bool %s -o - -w | FileCheck %s >> -check-prefixes=SHARED,OBJC
>> // RUN: %clang_cc1 -x c -emit-llvm -triple x86_64-apple-macosx10.10.0 >> -fsanitize=bool %s -o - | FileCheck %s -check-prefixes=SHARED,C
>>
>> typedef signed char BOOL;
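Review bot: Adding `-w` to the two Objective-C RUN lines of ubsan-bool.m silences every diagnostic the file can produce, not only the one the new `BOOL b1 : 1` members apparently trigger, so an unrelated warning regression in this test would go unnoticed. Prefer the specific `-Wno-<diagnostic>` for the warning being suppressed (this message does not show which one it is) so that anything else still surfaces. The plain C RUN line is left without `-w`, which suggests the diagnostic is specific to the Objective-C modes; a one-line comment above the RUN lines stating why the flag is needed would spare the next reader that inference.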
>> @@ -10,4 +10,57 @@ BOOL f1() {
>> // C-NOT: call void @__ubsan_handle_load_invalid_value
>> BOOL a = 2;
>> return a + 1;
>> + // SHARED: ret i8
>> }
>> +
>> +struct S1 {
>> + BOOL b1 : 1;
>> +};
>> +
>> +// SHARED-LABEL: f2
>> +BOOL f2(struct S1 *s) {
>> + // OBJC: [[LOAD:%.*]] = load i8, i8* {{.*}}
>> + // OBJC: [[SHL:%.*]] = shl i8 [[LOAD]], 7
>> + // OBJC: [[ASHR:%.*]] = ashr i8 [[SHL]], 7
>> + // OBJC: icmp ule i8 [[ASHR]], 1, !nosanitize
>> + // OBJC: call void @__ubsan_handle_load_invalid_value
>> +
>> + // C-NOT: call void @__ubsan_handle_load_invalid_value
>> + return s->b1;
>> + // SHARED: ret i8
>> +}
>> +
>> +#ifdef __OBJC__
>> +@interface I1 {
>> +@public
>> + BOOL b1 : 1;
>> +}
>> +@property (nonatomic) BOOL b1;
>> +@end
>> +@implementation I1
>> +@synthesize b1;
>> +@end
>> +
>> +// Check the synthesized getter.
>> +// OBJC-LABEL: define internal signext i8 @"\01-[I1 b1]"
>> +// OBJC: [[IVAR:%.*]] = load i64, i64* @"OBJC_IVAR_$_I1.b1"
>> +// OBJC: [[ADDR:%.*]] = getelementptr inbounds i8, i8* {{.*}}, i64 [[IVAR]]
>> +// OBJC: [[LOAD:%.*]] = load i8, i8* {{.*}}
>> +// OBJC: [[SHL:%.*]] = shl i8 [[LOAD]], 7
>> +// OBJC: [[ASHR:%.*]] = ashr i8 [[SHL]], 7
>> +// OBJC: icmp ule i8 [[ASHR]], 1, !nosanitize
>> +// OBJC: call void @__ubsan_handle_load_invalid_value
>> +
>> +// Also check direct accesses to the ivar.
>> +// OBJC-LABEL: f3
>> +BOOL f3(I1 *i) {
>> + // OBJC: [[LOAD:%.*]] = load i8, i8* {{.*}}
>> + // OBJC: [[SHL:%.*]] = shl i8 [[LOAD]], 7
>> + // OBJC: [[ASHR:%.*]] = ashr i8 [[SHL]], 7
>> + // OBJC: icmp ule i8 [[ASHR]], 1, !nosanitize
>> + // OBJC: call void @__ubsan_handle_load_invalid_value
>> +
>> + return i->b1;
>> + // OBJC: ret i8
>> +}
>> +#endif /* __OBJC__ */
>>
>>
>> _______________________________________________
>> cfe-commits mailing list
>> cfe-commits@lists.llvm.org
>> http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
_______________________________________________ cfe-commits mailing list cfe-commits@lists.llvm.org http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits