diff options
| author | Vedant Kumar <vsk@apple.com> | 2017-01-27 23:02:44 +0000 |
|---|---|---|
| committer | Vedant Kumar <vsk@apple.com> | 2017-01-27 23:02:44 +0000 |
| commit | 3db9974b2d4a0d5092eccbf2e1384d66ab1e6a46 (patch) | |
| tree | 68d7aa58933a8bb67d90d680ace2b2099e2fea0d | |
| parent | 5ad775f2e8997391a65b4f3992689369bd78a9e6 (diff) | |
| download | bcm5719-llvm-3db9974b2d4a0d5092eccbf2e1384d66ab1e6a46.tar.gz bcm5719-llvm-3db9974b2d4a0d5092eccbf2e1384d66ab1e6a46.zip | |
[ubsan] Sanity-check shift amounts before truncation (fixes PR27271)
Ubsan does not report UB shifts in some cases where the shift exponent
needs to be truncated to match the type of the shift base. We perform a
range check on the truncated shift amount, leading to false negatives.
Fix the issue (PR27271) by performing the range check on the original
shift amount.
Differential Revision: https://reviews.llvm.org/D29234
llvm-svn: 293343
| -rw-r--r-- | clang/lib/CodeGen/CGExprScalar.cpp | 4 | ||||
| -rw-r--r-- | clang/test/CodeGen/ubsan-shift.c | 29 |
2 files changed, 31 insertions, 2 deletions
diff --git a/clang/lib/CodeGen/CGExprScalar.cpp b/clang/lib/CodeGen/CGExprScalar.cpp index 1b85c45cd4b..40d949deceb 100644 --- a/clang/lib/CodeGen/CGExprScalar.cpp +++ b/clang/lib/CodeGen/CGExprScalar.cpp @@ -2751,8 +2751,8 @@ Value *ScalarExprEmitter::EmitShl(const BinOpInfo &Ops) { isa<llvm::IntegerType>(Ops.LHS->getType())) { CodeGenFunction::SanitizerScope SanScope(&CGF); SmallVector<std::pair<Value *, SanitizerMask>, 2> Checks; - llvm::Value *WidthMinusOne = GetWidthMinusOneValue(Ops.LHS, RHS); - llvm::Value *ValidExponent = Builder.CreateICmpULE(RHS, WidthMinusOne); + llvm::Value *WidthMinusOne = GetWidthMinusOneValue(Ops.LHS, Ops.RHS); + llvm::Value *ValidExponent = Builder.CreateICmpULE(Ops.RHS, WidthMinusOne); if (SanitizeExponent) { Checks.push_back( diff --git a/clang/test/CodeGen/ubsan-shift.c b/clang/test/CodeGen/ubsan-shift.c new file mode 100644 index 00000000000..ecdb2b92758 --- /dev/null +++ b/clang/test/CodeGen/ubsan-shift.c @@ -0,0 +1,29 @@ +// RUN: %clang_cc1 -triple=x86_64-apple-darwin -fsanitize=shift-exponent -emit-llvm %s -o - | FileCheck %s + +// CHECK-LABEL: define i32 @f1 +int f1(int c, int shamt) { +// CHECK: icmp ule i32 %{{.*}}, 31, !nosanitize +// CHECK: icmp ule i32 %{{.*}}, 31, !nosanitize + return 1 << (c << shamt); +} + +// CHECK-LABEL: define i32 @f2 +int f2(long c, int shamt) { +// CHECK: icmp ule i32 %{{.*}}, 63, !nosanitize +// CHECK: icmp ule i64 %{{.*}}, 31, !nosanitize + return 1 << (c << shamt); +} + +// CHECK-LABEL: define i32 @f3 +unsigned f3(unsigned c, int shamt) { +// CHECK: icmp ule i32 %{{.*}}, 31, !nosanitize +// CHECK: icmp ule i32 %{{.*}}, 31, !nosanitize + return 1U << (c << shamt); +} + +// CHECK-LABEL: define i32 @f4 +unsigned f4(unsigned long c, int shamt) { +// CHECK: icmp ule i32 %{{.*}}, 63, !nosanitize +// CHECK: icmp ule i64 %{{.*}}, 31, !nosanitize + return 1U << (c << shamt); +} |
