From bd1c0870198e025f92d31eead0fb2019c4057a4a Mon Sep 17 00:00:00 2001 From: Roman Lebedev Date: Tue, 15 Jan 2019 09:44:25 +0000 Subject: [clang][UBSan] Sanitization for alignment assumptions. Summary: UB isn't nice. It's cool and powerful, but not nice. Having a way to detect it is nice though. [[ https://wg21.link/p1007r3 | P1007R3: std::assume_aligned ]] / http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2018/p1007r2.pdf says: ``` We propose to add this functionality via a library function instead of a core language attribute. ... If the pointer passed in is not aligned to at least N bytes, calling assume_aligned results in undefined behaviour. ``` This differential teaches clang to sanitize all the various variants of this assume-aligned attribute. Requires D54588 for LLVM IRBuilder changes. The compiler-rt part is D54590. This is a second commit, the original one was r351105, which was mass-reverted in r351159 because 2 compiler-rt tests were failing. Reviewers: ABataev, craig.topper, vsk, rsmith, rnk, #sanitizers, erichkeane, filcab, rjmccall Reviewed By: rjmccall Subscribers: chandlerc, ldionne, EricWF, mclow.lists, cfe-commits, bkramer Tags: #sanitizers Differential Revision: https://reviews.llvm.org/D54589 llvm-svn: 351177 --- clang/docs/ReleaseNotes.rst | 43 +++++++++++++++++++++++++++++++ clang/docs/UndefinedBehaviorSanitizer.rst | 2 +- 2 files changed, 44 insertions(+), 1 deletion(-) (limited to 'clang/docs') diff --git a/clang/docs/ReleaseNotes.rst b/clang/docs/ReleaseNotes.rst index 64991343d9de..b6a405dbc78b 100644 --- a/clang/docs/ReleaseNotes.rst +++ b/clang/docs/ReleaseNotes.rst @@ -321,6 +321,49 @@ Undefined Behavior Sanitizer (UBSan) * The Implicit Conversion Sanitizer (``-fsanitize=implicit-conversion``) has learned to sanitize compound assignment operators. +* ``alignment`` check has learned to sanitize the assume_aligned-like attributes: + + .. code-block:: c++ + + typedef char **__attribute__((align_value(1024))) aligned_char; + struct ac_struct { + aligned_char a; + }; + char **load_from_ac_struct(struct ac_struct *x) { + return x->a; // <- check that loaded 'a' is aligned + } + + char **passthrough(__attribute__((align_value(1024))) char **x) { + return x; // <- check the pointer passed as function argument + } + + char **__attribute__((alloc_align(2))) + alloc_align(int size, unsigned long alignment); + + char **caller(int size) { + return alloc_align(size, 1024); // <- check returned pointer + } + + char **__attribute__((assume_aligned(1024))) get_ptr(); + + char **caller2() { + return get_ptr(); // <- check returned pointer + } + + void *caller3(char **x) { + return __builtin_assume_aligned(x, 1024); // <- check returned pointer + } + + void *caller4(char **x, unsigned long offset) { + return __builtin_assume_aligned(x, 1024, offset); // <- check returned pointer accounting for the offest + } + + void process(char *data, int width) { + #pragma omp for simd aligned(data : 1024) // <- aligned clause will be checked. + for (int x = 0; x < width; x++) + data[x] *= data[x]; + } + Core Analysis Improvements ========================== diff --git a/clang/docs/UndefinedBehaviorSanitizer.rst b/clang/docs/UndefinedBehaviorSanitizer.rst index ddffee85c98d..3700d4962d36 100644 --- a/clang/docs/UndefinedBehaviorSanitizer.rst +++ b/clang/docs/UndefinedBehaviorSanitizer.rst @@ -72,7 +72,7 @@ Available checks Available checks are: - ``-fsanitize=alignment``: Use of a misaligned pointer or creation - of a misaligned reference. + of a misaligned reference. Also sanitizes assume_aligned-like attributes. - ``-fsanitize=bool``: Load of a ``bool`` value which is neither ``true`` nor ``false``. - ``-fsanitize=builtin``: Passing invalid values to compiler builtins. -- cgit v1.2.3