diff options
| author | Julian Lettner <jlettner@apple.com> | 2019-01-24 01:06:19 +0000 |
|---|---|---|
| committer | Julian Lettner <jlettner@apple.com> | 2019-01-24 01:06:19 +0000 |
| commit | cea84ab93aeb079a358ab1c8aeba6d9140ef8b47 (patch) | |
| tree | 3c059cf1dbc208d26fc1df2547d0a18e18448095 /llvm/docs | |
| parent | 970d9d9acc421cc43fa801d2be81328d066200ec (diff) | |
| download | bcm5719-llvm-cea84ab93aeb079a358ab1c8aeba6d9140ef8b47.tar.gz bcm5719-llvm-cea84ab93aeb079a358ab1c8aeba6d9140ef8b47.zip | |
[Sanitizers] UBSan unreachable incompatible with ASan in the presence of `noreturn` calls
Summary:
UBSan wants to detect when unreachable code is actually reached, so it
adds instrumentation before every `unreachable` instruction. However,
the optimizer will remove code after calls to functions marked with
`noreturn`. To avoid this UBSan removes `noreturn` from both the call
instruction as well as from the function itself. Unfortunately, ASan
relies on this annotation to unpoison the stack by inserting calls to
`_asan_handle_no_return` before `noreturn` functions. This is important
for functions that do not return but access the the stack memory, e.g.,
unwinder functions *like* `longjmp` (`longjmp` itself is actually
"double-proofed" via its interceptor). The result is that when ASan and
UBSan are combined, the `noreturn` attributes are missing and ASan
cannot unpoison the stack, so it has false positives when stack
unwinding is used.
Changes:
# UBSan now adds the `expect_noreturn` attribute whenever it removes
the `noreturn` attribute from a function
# ASan additionally checks for the presence of this attribute
Generated code:
```
call void @__asan_handle_no_return // Additionally inserted to avoid false positives
call void @longjmp
call void @__asan_handle_no_return
call void @__ubsan_handle_builtin_unreachable
unreachable
```
The second call to `__asan_handle_no_return` is redundant. This will be
cleaned up in a follow-up patch.
rdar://problem/40723397
Reviewers: delcypher, eugenis
Tags: #sanitizers
Differential Revision: https://reviews.llvm.org/D56624
llvm-svn: 352003
Diffstat (limited to 'llvm/docs')
| -rw-r--r-- | llvm/docs/LangRef.rst | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/llvm/docs/LangRef.rst b/llvm/docs/LangRef.rst index 65c8c75a22d..32c4d458e4e 100644 --- a/llvm/docs/LangRef.rst +++ b/llvm/docs/LangRef.rst @@ -1458,6 +1458,10 @@ example: This function attribute indicates that the function never returns normally. This produces undefined behavior at runtime if the function ever does dynamically return. +``expect_noreturn`` + This function attribute indicates that the function is unlikely to return + normally, but that it still allowed to do so. This is useful in cases where + ``noreturn`` is too strong a guarantee. ``norecurse`` This function attribute indicates that the function does not call itself either directly or indirectly down any possible call path. This produces |
