path: root/clang/test/CodeGenCXX/catch-undef-behavior.cpp
Commit log (subject; author, date, files changed, lines removed/added; message body):
* [ubsan] Check the correct size when sanitizing array new.
  Richard Smith, 2019-01-23, 1 file, -0/+43
  We previously forgot to multiply the element size by the array bound.
  llvm-svn: 351924

* In nothrow new-expressions, null-check the result if we're going to apply sanitizers to it.
  Richard Smith, 2019-01-10, 1 file, -0/+43
  This avoids a sanitizer false positive that we are initializing a null pointer.
  llvm-svn: 350779

* Tests: fix tests encoding specific hash values for 32-bit systems.
  Tim Northover, 2018-08-31, 1 file, -2/+2
  I changed the seed slightly, but forgot to run the tests on a 32-bit system, so tests which hard-code a specific hash value started breaking.
  llvm-svn: 341240

* Fix typo
  Matt Arsenault, 2018-03-29, 1 file, -1/+1
  llvm-svn: 328791

* [CodeGenCXX] annotate a GEP to a derived class with 'inbounds' (PR35909)
  Sanjay Patel, 2018-01-19, 1 file, -2/+2
  The standard says: [expr.static.cast] p11: "If the prvalue of type “pointer to cv1 B” points to a B that is actually a subobject of an object of type D, the resulting pointer points to the enclosing object of type D. Otherwise, the behavior is undefined." Therefore, the GEP must be inbounds. This should solve the failure to optimize away a null check shown in PR35909: https://bugs.llvm.org/show_bug.cgi?id=35909
  Differential Revision: https://reviews.llvm.org/D42249
  llvm-svn: 322950

* [ubsan] Don't emit function signatures for non-static member functions
  Vedant Kumar, 2017-10-14, 1 file, -0/+60
  The function sanitizer only checks indirect calls through function pointers. This excludes all non-static member functions (constructor calls, calls through thunks, etc. all use a separate code path). Don't emit function signatures for functions that won't be checked.
  Apart from cutting down on code size, this should fix a regression on Linux caused by r313096. For context, see the mailing list discussion:
  r313096 - [ubsan] Function Sanitizer: Don't require writable text segments
  Testing: check-clang, check-ubsan
  Differential Revision: https://reviews.llvm.org/D38913
  llvm-svn: 315786

* Tighten up a test case. NFC.
  Vedant Kumar, 2017-09-13, 1 file, -2/+2
  llvm-svn: 313098

* [ubsan] Function Sanitizer: Don't require writable text segments
  Vedant Kumar, 2017-09-13, 1 file, -8/+19
  This change will make it possible to use -fsanitize=function on Darwin and possibly on other platforms. It fixes an issue with the way RTTI is stored into function prologue data.
  On Darwin, addresses stored in prologue data can't require run-time fixups and must be PC-relative. Run-time fixups are undesirable because they necessitate writable text segments, which can lead to security issues. And absolute addresses are undesirable because they break PIE mode.
  The fix is to create a private global which points to the RTTI, and then to encode a PC-relative reference to the global into prologue data.
  Differential Revision: https://reviews.llvm.org/D37597
  llvm-svn: 313096

* [ubsan] PR34266: When sanitizing the 'this' value for a member function that happens to be a lambda call operator, use the lambda's 'this' pointer, not the captured enclosing 'this' pointer (if any).
  Richard Smith, 2017-08-24, 1 file, -0/+36
  Do not sanitize the 'this' pointer of a member call operator for a lambda with no capture-default, since that call operator can legitimately be called with a null this pointer from the static invoker function. Any actual call with a null this pointer should still be caught in the caller (if it is being sanitized).
  This reinstates r311589 (reverted in r311680) with the above fix.
  llvm-svn: 311695

* Revert "[ubsan] PR34266: When sanitizing the 'this' value for a member function that happens to be a lambda call operator, use the lambda's 'this' pointer, not the captured enclosing 'this' pointer (if any)."
  Adrian Prantl, 2017-08-24, 1 file, -21/+0
  This reverts commit r311589 because of bot breakage. http://green.lab.llvm.org/green/job/clang-stage2-cmake-RgSan_check/4115/consoleFull#15752874848254eaf0-7326-4999-85b0-388101f2d404.
  llvm-svn: 311680

* [ubsan] PR34266: When sanitizing the 'this' value for a member function that happens to be a lambda call operator, use the lambda's 'this' pointer, not the captured enclosing 'this' pointer (if any).
  Richard Smith, 2017-08-23, 1 file, -0/+21
  llvm-svn: 311589

* [ubsan] Have -fsanitize=vptr emit a null check if -fsanitize=null isn't available
  Vedant Kumar, 2017-08-02, 1 file, -2/+2
  In r309007, I made -fsanitize=null a hard prerequisite for -fsanitize=vptr. I did not see the need for the two checks to have separate null checking logic for the same pointer. I expected the two checks to either always be enabled together, or to be mutually compatible.
  In the mailing list discussion re: r309007 it became clear that that isn't the case. If a codebase is -fsanitize=vptr clean but not -fsanitize=null clean, it's useful to have -fsanitize=vptr emit its own null check.
  That's what this patch does: with it, -fsanitize=vptr can be used without -fsanitize=null.
  Differential Revision: https://reviews.llvm.org/D36112
  llvm-svn: 309846

* [ubsan] Null-check pointers in -fsanitize=vptr (PR33881)
  Vedant Kumar, 2017-07-25, 1 file, -2/+2
  The instrumentation generated by -fsanitize=vptr does not null check a user pointer before loading from it. This causes crashes in the face of UB member calls (this=nullptr), i.e. it's causing user programs to crash only after UBSan is turned on.
  The fix is to make run-time null checking a prerequisite for enabling -fsanitize=vptr, and to then teach UBSan to reuse these run-time null checks to make -fsanitize=vptr safe.
  Testing: check-clang, check-ubsan, a stage2 ubsan-enabled build
  Differential Revision: https://reviews.llvm.org/D35735
  https://bugs.llvm.org/show_bug.cgi?id=33881
  llvm-svn: 309007
* P0145R3 (C++17 evaluation order tweaks): consistently emit the LHS of array subscripting before the RHS, regardless of which is the base and which is the index.
  Richard Smith, 2016-09-26, 1 file, -4/+4
  llvm-svn: 282453

* Make clang/test/CodeGen/catch-undef-behavior.c* capable of -Asserts with "opt -instnamer".
  NAKAMURA Takumi, 2015-09-15, 1 file, -20/+19
  It reverts r231717.
  llvm-svn: 247667

* Suppress a couple of tests, clang/test/CodeGen/catch-undef-behavior.c and one, for -Asserts for now.
  NAKAMURA Takumi, 2015-03-09, 1 file, -0/+1
  They were introduced in r231711.
  llvm-svn: 231717

* [UBSan] Split -fsanitize=shift into -fsanitize=shift-base and -fsanitize=shift-exponent.
  Alexey Samsonov, 2015-03-09, 1 file, -5/+9
  This is a recommit of r231150, reverted in r231409. Turns out that the -fsanitize=shift-base check implementation only works if the shift exponent is valid, otherwise it contains undefined behavior itself. Make sure we check that the exponent is valid before we proceed to check the base. Make sure that we actually report invalid values of base or exponent if -fsanitize=shift-base or -fsanitize=shift-exponent is specified, respectively.
  llvm-svn: 231711

* Revert "[UBSan] Split -fsanitize=shift into -fsanitize=shift-base and -fsanitize=shift-exponent."
  Alexey Samsonov, 2015-03-05, 1 file, -4/+6
  It's not that easy. If we're only checking -fsanitize=shift-base we still need to verify that the exponent has a sane value, otherwise UBSan-inserted checks for the base will contain undefined behavior themselves.
  llvm-svn: 231409

* [UBSan] Split -fsanitize=shift into -fsanitize=shift-base and -fsanitize=shift-exponent.
  Alexey Samsonov, 2015-03-03, 1 file, -6/+4
  -fsanitize=shift is now a group that includes both these checks, so existing users should not be affected.
  This change introduces two new UBSan kinds that sanitize only the left-hand side and right-hand side of a shift operation. In practice, an invalid exponent value (negative or too large) tends to cause more portability problems, including inconsistencies between different compilers, crashes and inadequate results on non-x86 architectures etc. That is, -fsanitize=shift-exponent failures should generally be addressed first.
  As a bonus, this change simplifies the CodeGen implementation for emitting left shift (separate checks for base and exponent are now merged by the existing generic logic in EmitCheck()), and the LLVM IR for these checks (the number of basic blocks is reduced).
  llvm-svn: 231150

* Update Clang tests to handle explicitly typed load changes in LLVM.
  David Blaikie, 2015-02-27, 1 file, -5/+5
  llvm-svn: 230795

* Update Clang tests to handle explicitly typed gep changes in LLVM.
  David Blaikie, 2015-02-27, 1 file, -6/+6
  llvm-svn: 230783

* UBSan: Use the correct function prologue for x32.
  Peter Collingbourne, 2015-02-25, 1 file, -0/+4
  llvm-svn: 230571

* Emit DeferredDeclsToEmit in a DFS order.
  Rafael Espindola, 2015-01-22, 1 file, -2/+2
  Currently we emit DeferredDeclsToEmit in reverse order. This patch changes that. The advantages of the change are that
    * The output order is a bit closer to the source order. The change to test/CodeGenCXX/pod-member-memcpys.cpp is a good example.
    * If we decide to defer more, it will not cause as large changes in the testcases as it would without this patch.
  llvm-svn: 226751

* Reimplement -fsanitize-recover family of flags.
  Alexey Samsonov, 2015-01-12, 1 file, -3/+3
  Introduce the following -fsanitize-recover flags:
    - -fsanitize-recover=<list>: Enable recovery for selected checks or group of checks. It is forbidden to explicitly list unrecoverable sanitizers here (that is, "address", "unreachable", "return").
    - -fno-sanitize-recover=<list>: Disable recovery for selected checks or group of checks.
    - -f(no-)?sanitize-recover is now a synonym for -f(no-)?sanitize-recover=undefined,integer and will soon be deprecated.
  These flags are parsed left to right, and the mask of "recoverable" sanitizers is updated accordingly, much like what we do for -fsanitize= flags. -fsanitize= and -fsanitize-recover= flag families are independent.
  CodeGen change: If there is a single UBSan handler function, responsible for implementing multiple checks, which have different recoverable settings, then we emit two handler calls instead of one: the first one for the set of "unrecoverable" checks, another one for the set of "recoverable" checks. If all checks implemented by a handler have the same recoverability setting, then the generated code will be the same.
  llvm-svn: 225719

* Update test to check for prologue instead of prefix
  Peter Collingbourne, 2014-12-03, 1 file, -1/+1
  llvm-svn: 223191

* Bundle conditions checked by UBSan with sanitizer kinds they implement.
  Alexey Samsonov, 2014-11-11, 1 file, -2/+5
  Summary: This change makes CodeGenFunction::EmitCheck() take several conditions that need to be checked (all of them need to be true), together with the sanitizer kinds these checks are for. This would allow splitting one call into the UBSan runtime into several calls in case different sanitizer kinds would have different recoverability settings. Tests should be fixed accordingly, I'm working on it.
  Test Plan: regression test suite.
  Reviewers: rsmith
  Reviewed By: rsmith
  Subscribers: cfe-commits
  Differential Revision: http://reviews.llvm.org/D6219
  llvm-svn: 221716
* Sanitize upcasts and conversion to virtual base.
  Alexey Samsonov, 2014-10-13, 1 file, -0/+34
  This change adds UBSan check to upcasts. Namely, when we perform derived-to-base conversion, we:
    1) check that the pointer-to-derived has suitable alignment and underlying storage, if this pointer is non-null.
    2) if vptr-sanitizer is enabled, and we perform conversion to virtual base, we check that pointer-to-derived has a matching vptr.
  llvm-svn: 219642

* [UBsan] Skip -fsanitize=vptr instrumentations when the pointer value is null.
  Alexey Samsonov, 2014-07-18, 1 file, -0/+6
  Otherwise -fsanitize=vptr causes the program to crash when it downcasts a null pointer.
  Reviewed in http://reviews.llvm.org/D4412.
  Patch by Byoungyoung Lee!
  llvm-svn: 213393

* Make sure globals created by UBSan are not instrumented by ASan.
  Alexey Samsonov, 2014-07-18, 1 file, -0/+8
  Summary: This change adds description of globals created by UBSan instrumentation (UBSan handlers, type descriptors, filenames) to llvm.asan.globals metadata, effectively "blacklisting" them. This can dramatically decrease the data section in binaries built with UBSan+ASan, as UBSan tends to create a lot of handlers, and ASan instrumentation increases the global size to at least 64 bytes.
  Test Plan: clang regression test suite
  Reviewers: rsmith
  Reviewed By: rsmith
  Subscribers: cfe-commits, byoungyoung, kcc
  Differential Revision: http://reviews.llvm.org/D4575
  llvm-svn: 213392

* Mark C++ reference parameters as dereferenceable
  Hal Finkel, 2014-07-18, 1 file, -1/+1
  Because references must be initialized using some evaluated expression, they must point to something, and a callee can assume the reference parameter is dereferenceable. Taking advantage of a new attribute just added to LLVM, mark them as such.
  Because dereferenceability in addrspace(0) implies nonnull in the backend, we don't need both attributes. However, we need to know the size of the object to use the dereferenceable attribute, so for incomplete types we still emit only nonnull.
  llvm-svn: 213386

* Check-labelize ubsan tests
  Alexey Samsonov, 2014-07-17, 1 file, -16/+16
  llvm-svn: 213334

* Add 'nonnull' parameter or return attribute when producing an llvm pointer type in a function type where the C++ type is a reference. Update the tests.
  Nick Lewycky, 2014-05-28, 1 file, -1/+1
  llvm-svn: 209723

* Split -fsanitize=bounds to -fsanitize=array-bounds (for the frontend-inserted check using the ubsan runtime) and -fsanitize=local-bounds (for the middle-end check which inserts traps).
  Richard Smith, 2013-10-22, 1 file, -1/+1
  Remove -fsanitize=local-bounds from -fsanitize=undefined. It does not produce useful diagnostics and has false positives (PR17635), and is not a good compromise position between UBSan's checks and ASan's checks.
  Map -fbounds-checking to -fsanitize=local-bounds to restore Clang's historical behavior for that flag.
  llvm-svn: 193205

* Implement function type checker for the undefined behavior sanitizer.
  Peter Collingbourne, 2013-10-20, 1 file, -1/+19
  This uses function prefix data to store function type information at the function pointer.
  Differential Revision: http://llvm-reviews.chandlerc.com/D1338
  llvm-svn: 193058

* Fix objectsize tests after r192117
  Matt Arsenault, 2013-10-07, 1 file, -2/+2
  llvm-svn: 192120

* Disable the bool and enum sanitizers when emitting the implicitly-defined copy constructor, copy assignment operator and move assignment operator.
  Nick Lewycky, 2013-09-11, 1 file, -2/+85
  llvm-svn: 190481

* CHECK-LABEL-ify some code gen tests to improve diagnostic experience when tests fail.
  Stephen Lin, 2013-08-15, 1 file, -2/+2
  llvm-svn: 188447

* catch-undefined-behavior.cpp: Remove names that don't appear in every build.
  Filipe Cabecinhas, 2013-08-08, 1 file, -3/+3
  llvm-svn: 187952

* UBSan: Fix naming for IR variables in catch-undef-behavior.cpp
  Filipe Cabecinhas, 2013-08-08, 1 file, -2/+2
  llvm-svn: 187951

* UBSan: Fix alignment checks emitted in downcasts.
  Filipe Cabecinhas, 2013-08-08, 1 file, -1/+52
  Summary: UBSan was checking for alignment of the derived class on the pointer to the base class, before converting. With some class hierarchies, this could generate false positives. Added test-case.
  llvm-svn: 187948
* [ubsan] Emit single check for left shift.
  Will Dietz, 2013-02-25, 1 file, -1/+6
  Avoids warning twice on same shift.
  llvm-svn: 176056

* PR15338: Don't assert if -fsanitize=bounds sees array indexing on an incomplete array type.
  Richard Smith, 2013-02-24, 1 file, -0/+7
  llvm-svn: 175982

* ubsan: Emit bounds checks for array indexing, vector indexing, and (in really simple cases) pointer arithmetic.
  Richard Smith, 2013-02-23, 1 file, -1/+90
  This augments the existing bounds checking with language-level array bounds information.
  llvm-svn: 175949

* Update to use references to attribute groups instead of listing the attributes on the call/invoke instructions.
  Bill Wendling, 2013-02-22, 1 file, -1/+3
  llvm-svn: 175878

* ubsan: Add checking for invalid downcasts. Per [expr.static.cast]p2 and p11, base-to-derived casts have undefined behavior if the object is not actually an instance of the derived type.
  Richard Smith, 2013-02-13, 1 file, -0/+46
  llvm-svn: 175078

* [ubsan] Recover by default, use -fno-sanitize-recover to disable.
  Will Dietz, 2012-12-30, 1 file, -6/+6
  llvm-svn: 171264

* Rein ubsan's vptr sanitizer back a bit. Per core issue 453, binding a reference to an object outside its lifetime does not have undefined behavior.
  Richard Smith, 2012-12-18, 1 file, -7/+11
  llvm-svn: 170387

* ubsan: Add -fsanitize=bool and -fsanitize=enum, which check for loads of bit-patterns which are not valid values for enumerated or boolean types. These checks are the ubsan analogue of !range metadata.
  Richard Smith, 2012-12-13, 1 file, -1/+34
  llvm-svn: 170108

* [ubsan] Add flag to enable recovery from checks when possible.
  Will Dietz, 2012-12-02, 1 file, -2/+6
  llvm-svn: 169114

* Add -fsanitize=integer for reporting suspicious integer behaviors.
  Will Dietz, 2012-11-27, 1 file, -1/+1
  Introduces new sanitizer "unsigned-integer-overflow".
  llvm-svn: 168701