diff options
| author | Vedant Kumar <vsk@apple.com> | 2017-03-09 16:06:27 +0000 |
|---|---|---|
| committer | Vedant Kumar <vsk@apple.com> | 2017-03-09 16:06:27 +0000 |
| commit | 129edab125931162665df2ceecb87bf917f2425d (patch) | |
| tree | 619625ca620e42ca553699edbc2a7b8dd7368f91 /clang/test/CodeGenObjC | |
| parent | 4d297df95c4e6299087ed12e9aa67a1b686d01fd (diff) | |
| download | bcm5719-llvm-129edab125931162665df2ceecb87bf917f2425d.tar.gz bcm5719-llvm-129edab125931162665df2ceecb87bf917f2425d.zip | |
Retry: [ubsan] Detect UB loads from bitfields
It's possible to load out-of-range values from bitfields backed by a
boolean or an enum. Check for UB loads from bitfields.
This is the motivating example:
struct S {
BOOL b : 1; // Signed ObjC BOOL.
};
S s;
s.b = 1; // This is actually stored as -1.
if (s.b == 1) // Evaluates to false, -1 != 1.
...
Changes since the original commit:
- Single-bit bools are a special case (see CGF::EmitFromMemory), and we
can't avoid dealing with them when loading from a bitfield. Don't try to
insert a check in this case.
Differential Revision: https://reviews.llvm.org/D30423
llvm-svn: 297389
Diffstat (limited to 'clang/test/CodeGenObjC')
| -rw-r--r-- | clang/test/CodeGenObjC/ubsan-bool.m | 57 |
1 files changed, 55 insertions, 2 deletions
diff --git a/clang/test/CodeGenObjC/ubsan-bool.m b/clang/test/CodeGenObjC/ubsan-bool.m index 6d6c08358d0..b30562c4d42 100644 --- a/clang/test/CodeGenObjC/ubsan-bool.m +++ b/clang/test/CodeGenObjC/ubsan-bool.m @@ -1,5 +1,5 @@ -// RUN: %clang_cc1 -x objective-c -emit-llvm -triple x86_64-apple-macosx10.10.0 -fsanitize=bool %s -o - | FileCheck %s -check-prefixes=SHARED,OBJC -// RUN: %clang_cc1 -x objective-c++ -emit-llvm -triple x86_64-apple-macosx10.10.0 -fsanitize=bool %s -o - | FileCheck %s -check-prefixes=SHARED,OBJC +// RUN: %clang_cc1 -x objective-c -emit-llvm -triple x86_64-apple-macosx10.10.0 -fsanitize=bool %s -o - -w | FileCheck %s -check-prefixes=SHARED,OBJC +// RUN: %clang_cc1 -x objective-c++ -emit-llvm -triple x86_64-apple-macosx10.10.0 -fsanitize=bool %s -o - -w | FileCheck %s -check-prefixes=SHARED,OBJC // RUN: %clang_cc1 -x c -emit-llvm -triple x86_64-apple-macosx10.10.0 -fsanitize=bool %s -o - | FileCheck %s -check-prefixes=SHARED,C typedef signed char BOOL; @@ -10,4 +10,57 @@ BOOL f1() { // C-NOT: call void @__ubsan_handle_load_invalid_value BOOL a = 2; return a + 1; + // SHARED: ret i8 } + +struct S1 { + BOOL b1 : 1; +}; + +// SHARED-LABEL: f2 +BOOL f2(struct S1 *s) { + // OBJC: [[LOAD:%.*]] = load i8, i8* {{.*}} + // OBJC: [[SHL:%.*]] = shl i8 [[LOAD]], 7 + // OBJC: [[ASHR:%.*]] = ashr i8 [[SHL]], 7 + // OBJC: icmp ule i8 [[ASHR]], 1, !nosanitize + // OBJC: call void @__ubsan_handle_load_invalid_value + + // C-NOT: call void @__ubsan_handle_load_invalid_value + return s->b1; + // SHARED: ret i8 +} + +#ifdef __OBJC__ +@interface I1 { +@public + BOOL b1 : 1; +} +@property (nonatomic) BOOL b1; +@end +@implementation I1 +@synthesize b1; +@end + +// Check the synthesized getter. +// OBJC-LABEL: define internal signext i8 @"\01-[I1 b1]" +// OBJC: [[IVAR:%.*]] = load i64, i64* @"OBJC_IVAR_$_I1.b1" +// OBJC: [[ADDR:%.*]] = getelementptr inbounds i8, i8* {{.*}}, i64 [[IVAR]] +// OBJC: [[LOAD:%.*]] = load i8, i8* {{.*}} +// OBJC: [[SHL:%.*]] = shl i8 [[LOAD]], 7 +// OBJC: [[ASHR:%.*]] = ashr i8 [[SHL]], 7 +// OBJC: icmp ule i8 [[ASHR]], 1, !nosanitize +// OBJC: call void @__ubsan_handle_load_invalid_value + +// Also check direct accesses to the ivar. +// OBJC-LABEL: f3 +BOOL f3(I1 *i) { + // OBJC: [[LOAD:%.*]] = load i8, i8* {{.*}} + // OBJC: [[SHL:%.*]] = shl i8 [[LOAD]], 7 + // OBJC: [[ASHR:%.*]] = ashr i8 [[SHL]], 7 + // OBJC: icmp ule i8 [[ASHR]], 1, !nosanitize + // OBJC: call void @__ubsan_handle_load_invalid_value + + return i->b1; + // OBJC: ret i8 +} +#endif /* __OBJC__ */ |
