Minimal runtime for UBSan.

Summary:
An implementation of ubsan runtime library suitable for use in production.

Minimal attack surface.
* No stack traces.
* Definitely no C++ demangling.
* No UBSAN_OPTIONS=log_file=/path (very suid-unfriendly). And no UBSAN_OPTIONS in general.
* as simple as possible

Minimal CPU and RAM overhead.
* Source locations unnecessary in the presence of (split) debug info.
* Values and types (as in A+B overflows T) can be reconstructed from register/stack dumps, once you know what type of error you are looking at.
* above two items save 3% binary size.

When UBSan is used with -ftrap-function=abort, sometimes it is hard to reason about failures. This library replaces abort with a slightly more informative message without much extra overhead. Since ubsan interface in not stable, this code must reside in compiler-rt.

Reviewers: pcc, kcc

Subscribers: srhines, mgorny, aprantl, krytarowski, llvm-commits

Differential Revision: https://reviews.llvm.org/D36810

llvm-svn: 312029

3 files changed, 76 insertions, 0 deletions

diff --git a/compiler-rt/test/ubsan_minimal/TestCases/recover-dedup-limit.cpp b/compiler-rt/test/ubsan_minimal/TestCases/recover-dedup-limit.cpp
new file mode 100644
index 00000000000..faa2b66ad80
--- /dev/null
+++ b/compiler-rt/test/ubsan_minimal/TestCases/recover-dedup-limit.cpp
@@ -0,0 +1,41 @@
+// RUN: %clangxx -fsanitize=signed-integer-overflow -fsanitize-recover=all %s -o %t && %run %t 2>&1 | FileCheck %s
+
+#include <stdint.h>
+
+#define OVERFLOW  \
+  x = 0x7FFFFFFE; \
+  x += __LINE__
+
+int main() {
+  int32_t x;
+  OVERFLOW;  // CHECK: add-overflow
+  OVERFLOW;  // CHECK: add-overflow
+  OVERFLOW;  // CHECK: add-overflow
+  OVERFLOW;  // CHECK: add-overflow
+  OVERFLOW;  // CHECK: add-overflow
+
+  OVERFLOW;  // CHECK: add-overflow
+  OVERFLOW;  // CHECK: add-overflow
+  OVERFLOW;  // CHECK: add-overflow
+  OVERFLOW;  // CHECK: add-overflow
+  OVERFLOW;  // CHECK: add-overflow
+
+  OVERFLOW;  // CHECK: add-overflow
+  OVERFLOW;  // CHECK: add-overflow
+  OVERFLOW;  // CHECK: add-overflow
+  OVERFLOW;  // CHECK: add-overflow
+  OVERFLOW;  // CHECK: add-overflow
+
+  OVERFLOW;  // CHECK: add-overflow
+  OVERFLOW;  // CHECK: add-overflow
+  OVERFLOW;  // CHECK: add-overflow
+  OVERFLOW;  // CHECK: add-overflow
+  OVERFLOW;  // CHECK: add-overflow
+
+  // CHECK-NOT: add-overflow
+  OVERFLOW;  // CHECK: too many errors
+  // CHECK-NOT: add-overflow
+  OVERFLOW;
+  OVERFLOW;
+  OVERFLOW;
+}
diff --git a/compiler-rt/test/ubsan_minimal/TestCases/recover-dedup.cpp b/compiler-rt/test/ubsan_minimal/TestCases/recover-dedup.cpp
new file mode 100644
index 00000000000..744471c66a7
--- /dev/null
+++ b/compiler-rt/test/ubsan_minimal/TestCases/recover-dedup.cpp
@@ -0,0 +1,25 @@
+// RUN: %clangxx -fsanitize=signed-integer-overflow -fsanitize-recover=all %s -o %t && %run %t 2>&1 | FileCheck %s
+
+#include <stdint.h>
+
+__attribute__((noinline))
+int f(int x, int y) {
+  // CHECK: mul-overflow
+  return x * y;
+}
+
+__attribute__((noinline))
+int g(int x, int y) {
+  // CHECK: mul-overflow
+  return x * (y + 1);
+}
+
+int main() {
+  int x = 2;
+  for (int i = 0; i < 10; ++i)
+    x = f(x, x);
+  x = 2;
+  for (int i = 0; i < 10; ++i)
+    x = g(x, x);
+  // CHECK-NOT: mul-overflow
+}
diff --git a/compiler-rt/test/ubsan_minimal/TestCases/uadd-overflow.cpp b/compiler-rt/test/ubsan_minimal/TestCases/uadd-overflow.cpp
new file mode 100644
index 00000000000..03457501232
--- /dev/null
+++ b/compiler-rt/test/ubsan_minimal/TestCases/uadd-overflow.cpp
@@ -0,0 +1,10 @@
+// RUN: %clangxx -fsanitize=unsigned-integer-overflow %s -o %t && %run %t 2>&1 | FileCheck %s
+// RUN: %clangxx -fsanitize=unsigned-integer-overflow -fno-sanitize-recover=all %s -o %t && not --crash %run %t 2>&1 | FileCheck %s
+
+#include <stdint.h>
+
+int main() {
+  uint32_t k = 0x87654321;
+  k += 0xedcba987;
+  // CHECK: add-overflow
+}