[PATCH] D50901: [clang][ubsan] Split Implicit Integer Truncation Sanitizer into unsigned and signed checks
This revision was automatically updated to reflect the committed changes. Closed by commit rL344230: [clang][ubsan] Split Implicit Integer Truncation Sanitizer into unsigned and… (authored by lebedevri, committed by ). Herald added a subscriber: llvm-commits. Changed prior to commit: https://reviews.llvm.org/D50901?vs=167621=169173#toc Repository: rL LLVM https://reviews.llvm.org/D50901 Files: cfe/trunk/docs/UndefinedBehaviorSanitizer.rst cfe/trunk/include/clang/Basic/Sanitizers.def cfe/trunk/lib/CodeGen/CGExprScalar.cpp cfe/trunk/test/CodeGen/catch-implicit-integer-conversions-basics.c cfe/trunk/test/CodeGen/catch-implicit-integer-truncations-basics-negatives.c cfe/trunk/test/CodeGen/catch-implicit-integer-truncations-basics.c cfe/trunk/test/CodeGen/catch-implicit-integer-truncations.c cfe/trunk/test/CodeGen/catch-implicit-signed-integer-truncations-basics-negatives.c cfe/trunk/test/CodeGen/catch-implicit-signed-integer-truncations-basics.c cfe/trunk/test/CodeGen/catch-implicit-unsigned-integer-truncations-basics-negatives.c cfe/trunk/test/CodeGen/catch-implicit-unsigned-integer-truncations-basics.c cfe/trunk/test/CodeGenCXX/catch-implicit-integer-truncations.cpp cfe/trunk/test/Driver/fsanitize.c Index: cfe/trunk/docs/UndefinedBehaviorSanitizer.rst === --- cfe/trunk/docs/UndefinedBehaviorSanitizer.rst +++ cfe/trunk/docs/UndefinedBehaviorSanitizer.rst @@ -89,11 +89,16 @@ - ``-fsanitize=function``: Indirect call of a function through a function pointer of the wrong type (Darwin/Linux, C++ and x86/x86_64 only). - - ``-fsanitize=implicit-integer-truncation``: Implicit conversion from + - ``-fsanitize=implicit-unsigned-integer-truncation``, + ``-fsanitize=implicit-signed-integer-truncation``: Implicit conversion from integer of larger bit width to smaller bit width, if that results in data loss. That is, if the demoted value, after casting back to the original width, is not equal to the original value before the downcast. - Issues caught by this sanitizer are not undefined behavior, + The ``-fsanitize=implicit-unsigned-integer-truncation`` handles conversions + between two ``unsigned`` types, while + ``-fsanitize=implicit-signed-integer-truncation`` handles the rest of the + conversions - when either one, or both of the types are signed. + Issues caught by these sanitizers are not undefined behavior, but are often unintentional. - ``-fsanitize=integer-divide-by-zero``: Integer division by zero. - ``-fsanitize=nonnull-attribute``: Passing null pointer as a function @@ -160,6 +165,10 @@ behavior (e.g. unsigned integer overflow). Enables ``signed-integer-overflow``, ``unsigned-integer-overflow``, ``shift``, ``integer-divide-by-zero``, and ``implicit-integer-truncation``. + - ``fsanitize=implicit-integer-truncation``: Checks for implicit integral + conversions that result in data loss. + Enables ``implicit-unsigned-integer-truncation`` and + ``implicit-signed-integer-truncation``. - ``-fsanitize=implicit-conversion``: Checks for suspicious behaviours of implicit conversions. Currently, only ``-fsanitize=implicit-integer-truncation`` is implemented. Index: cfe/trunk/include/clang/Basic/Sanitizers.def === --- cfe/trunk/include/clang/Basic/Sanitizers.def +++ cfe/trunk/include/clang/Basic/Sanitizers.def @@ -135,7 +135,13 @@ SANITIZER_GROUP("undefined-trap", UndefinedTrap, Undefined) // ImplicitConversionSanitizer -SANITIZER("implicit-integer-truncation", ImplicitIntegerTruncation) +SANITIZER("implicit-unsigned-integer-truncation", + ImplicitUnsignedIntegerTruncation) +SANITIZER("implicit-signed-integer-truncation", ImplicitSignedIntegerTruncation) +SANITIZER_GROUP("implicit-integer-truncation", ImplicitIntegerTruncation, +ImplicitUnsignedIntegerTruncation | +ImplicitSignedIntegerTruncation) + SANITIZER_GROUP("implicit-conversion", ImplicitConversion, ImplicitIntegerTruncation) Index: cfe/trunk/test/CodeGenCXX/catch-implicit-integer-truncations.cpp === --- cfe/trunk/test/CodeGenCXX/catch-implicit-integer-truncations.cpp +++ cfe/trunk/test/CodeGenCXX/catch-implicit-integer-truncations.cpp @@ -1,7 +1,7 @@ // RUN: %clang_cc1 -emit-llvm %s -o - -triple x86_64-linux-gnu | FileCheck %s --check-prefix=CHECK -// RUN: %clang_cc1 -fsanitize=implicit-integer-truncation -fno-sanitize-recover=implicit-integer-truncation -emit-llvm %s -o - -triple x86_64-linux-gnu | FileCheck %s --check-prefixes=CHECK,CHECK-SANITIZE,CHECK-SANITIZE-ANYRECOVER,CHECK-SANITIZE-NORECOVER -// RUN: %clang_cc1 -fsanitize=implicit-integer-truncation -fsanitize-recover=implicit-integer-truncation -emit-llvm %s -o - -triple
[PATCH] D50901: [clang][ubsan] Split Implicit Integer Truncation Sanitizer into unsigned and signed checks
lebedev.ri added a comment. In https://reviews.llvm.org/D50901#1261203, @rsmith wrote: > This looks good to me. Sounds like @filcab is intending on doing another > round of review too, so it'd make sense to double-check there before > committing. In https://reviews.llvm.org/D50901#1261312, @filcab wrote: > LGTM on the clang side too. > > Thank you, > > Filipe YAY \0/ Thank you for the review! Repository: rC Clang https://reviews.llvm.org/D50901 ___ cfe-commits mailing list cfe-commits@lists.llvm.org http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
Re: [PATCH] D50901: [clang][ubsan] Split Implicit Integer Truncation Sanitizer into unsigned and signed checks
LGTM on the clang side too. Thank you, Filipe On Wed, 10 Oct 2018 at 23:33, Richard Smith - zygoloid via Phabricator < revi...@reviews.llvm.org> wrote: > rsmith accepted this revision. > rsmith added a comment. > This revision is now accepted and ready to land. > > This looks good to me. Sounds like @filcab is intending on doing another > round of review too, so it'd make sense to double-check there before > committing. > > > > > Comment at: docs/UndefinedBehaviorSanitizer.rst:101 > + conversions - when either one, or both of the types are signed. > Issues caught by this sanitizer are not undefined behavior, > but are often unintentional. > > this sanitizer -> these sanitizers > > > Repository: > rC Clang > > https://reviews.llvm.org/D50901 > > > > ___ cfe-commits mailing list cfe-commits@lists.llvm.org http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
[PATCH] D50901: [clang][ubsan] Split Implicit Integer Truncation Sanitizer into unsigned and signed checks
filcab added a comment. LGTM on the clang side too. Thank you, Filipe Repository: rC Clang https://reviews.llvm.org/D50901 ___ cfe-commits mailing list cfe-commits@lists.llvm.org http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
[PATCH] D50901: [clang][ubsan] Split Implicit Integer Truncation Sanitizer into unsigned and signed checks
rsmith accepted this revision. rsmith added a comment. This revision is now accepted and ready to land. This looks good to me. Sounds like @filcab is intending on doing another round of review too, so it'd make sense to double-check there before committing. Comment at: docs/UndefinedBehaviorSanitizer.rst:101 + conversions - when either one, or both of the types are signed. Issues caught by this sanitizer are not undefined behavior, but are often unintentional. this sanitizer -> these sanitizers Repository: rC Clang https://reviews.llvm.org/D50901 ___ cfe-commits mailing list cfe-commits@lists.llvm.org http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
[PATCH] D50901: [clang][ubsan] Split Implicit Integer Truncation Sanitizer into unsigned and signed checks
lebedev.ri added a comment. In https://reviews.llvm.org/D50901#1257651, @filcab wrote: > Sorry about that. I’m away today but I don’t think you’ve answered my > questions about “why not support standalone UBSan in tests”. Sorry if I > missed the answers if you did. I did answer that question twice now :) https://reviews.llvm.org/D50902#inline-463926 >> Can't we simply not test on the SUMMARY line (test on the error line) and >> allow standalone too? I don't see what we gain by restricting the test. > > That summary line is the very essence of what we are checking in this test. > We can only do that in non-standalone builds, because standalone builds only > print generic undefined-behavior error name, while ubsan is coupled with some > other sanitizer, an actual error name is printed. > We have discussed this with you in > https://reviews.llvm.org/D48959#inline-429528 > Will review the latest tomorrow. > > Thank you, > > Filipe Repository: rC Clang https://reviews.llvm.org/D50901 ___ cfe-commits mailing list cfe-commits@lists.llvm.org http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
Re: [PATCH] D50901: [clang][ubsan] Split Implicit Integer Truncation Sanitizer into unsigned and signed checks
Sorry about that. I’m away today but I don’t think you’ve answered my questions about “why not support standalone UBSan in tests”. Sorry if I missed the answers if you did. Will review the latest tomorrow. Thank you, Filipe On Mon, 8 Oct 2018 at 07:48, Roman Lebedev via Phabricator < revi...@reviews.llvm.org> wrote: > lebedev.ri added a comment. > > Ping! It seemed we were so close here :) > > > Repository: > rC Clang > > https://reviews.llvm.org/D50901 > > > > ___ cfe-commits mailing list cfe-commits@lists.llvm.org http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
[PATCH] D50901: [clang][ubsan] Split Implicit Integer Truncation Sanitizer into unsigned and signed checks
filcab added a subscriber: aizatsky. filcab added a comment. Sorry about that. I’m away today but I don’t think you’ve answered my questions about “why not support standalone UBSan in tests”. Sorry if I missed the answers if you did. Will review the latest tomorrow. Thank you, Filipe Repository: rC Clang https://reviews.llvm.org/D50901 ___ cfe-commits mailing list cfe-commits@lists.llvm.org http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
[PATCH] D50901: [clang][ubsan] Split Implicit Integer Truncation Sanitizer into unsigned and signed checks
lebedev.ri added a comment. Ping! It seemed we were so close here :) Repository: rC Clang https://reviews.llvm.org/D50901 ___ cfe-commits mailing list cfe-commits@lists.llvm.org http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
[PATCH] D50901: [clang][ubsan] Split Implicit Integer Truncation Sanitizer into unsigned and signed checks
lebedev.ri updated this revision to Diff 167621. lebedev.ri added a comment. As requested in https://reviews.llvm.org/D50902#1250110, actually document that `ICCK_IntegerTruncation` was only emitted by clang 7. Repository: rC Clang https://reviews.llvm.org/D50901 Files: docs/UndefinedBehaviorSanitizer.rst include/clang/Basic/Sanitizers.def lib/CodeGen/CGExprScalar.cpp test/CodeGen/catch-implicit-integer-conversions-basics.c test/CodeGen/catch-implicit-integer-truncations-basics-negatives.c test/CodeGen/catch-implicit-integer-truncations-basics.c test/CodeGen/catch-implicit-integer-truncations.c test/CodeGen/catch-implicit-signed-integer-truncations-basics-negatives.c test/CodeGen/catch-implicit-signed-integer-truncations-basics.c test/CodeGen/catch-implicit-unsigned-integer-truncations-basics-negatives.c test/CodeGen/catch-implicit-unsigned-integer-truncations-basics.c test/CodeGenCXX/catch-implicit-integer-truncations.cpp test/Driver/fsanitize.c Index: test/Driver/fsanitize.c === --- test/Driver/fsanitize.c +++ test/Driver/fsanitize.c @@ -29,22 +29,37 @@ // CHECK-COVERAGE-WIN64: "--dependent-lib={{[^"]*}}ubsan_standalone-x86_64.lib" // RUN: %clang -target x86_64-linux-gnu -fsanitize=integer %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-INTEGER -implicit-check-not="-fsanitize-address-use-after-scope" -// CHECK-INTEGER: "-fsanitize={{((signed-integer-overflow|unsigned-integer-overflow|integer-divide-by-zero|shift-base|shift-exponent|implicit-integer-truncation),?){6}"}} +// CHECK-INTEGER: "-fsanitize={{((signed-integer-overflow|unsigned-integer-overflow|integer-divide-by-zero|shift-base|shift-exponent|implicit-unsigned-integer-truncation|implicit-signed-integer-truncation),?){7}"}} // RUN: %clang -target x86_64-linux-gnu -fsanitize=implicit-conversion %s -### 2>&1 | FileCheck %s --check-prefixes=CHECK-implicit-conversion,CHECK-implicit-conversion-RECOVER // RUN: %clang -target x86_64-linux-gnu -fsanitize=implicit-conversion -fsanitize-recover=implicit-conversion %s -### 2>&1 | FileCheck %s --check-prefixes=CHECK-implicit-conversion,CHECK-implicit-conversion-RECOVER // RUN: %clang -target x86_64-linux-gnu -fsanitize=implicit-conversion -fno-sanitize-recover=implicit-conversion %s -### 2>&1 | FileCheck %s --check-prefixes=CHECK-implicit-conversion,CHECK-implicit-conversion-NORECOVER // RUN: %clang -target x86_64-linux-gnu -fsanitize=implicit-conversion -fsanitize-trap=implicit-conversion %s -### 2>&1 | FileCheck %s --check-prefixes=CHECK-implicit-conversion,CHECK-implicit-conversion-TRAP -// CHECK-implicit-conversion: "-fsanitize={{((implicit-integer-truncation),?){1}"}} -// CHECK-implicit-conversion-RECOVER: "-fsanitize-recover={{((implicit-integer-truncation),?){1}"}} -// CHECK-implicit-conversion-RECOVER-NOT: "-fno-sanitize-recover={{((implicit-integer-truncation),?){1}"}} -// CHECK-implicit-conversion-RECOVER-NOT: "-fsanitize-trap={{((implicit-integer-truncation),?){1}"}} -// CHECK-implicit-conversion-NORECOVER-NOT: "-fno-sanitize-recover={{((implicit-integer-truncation),?){1}"}} // ??? -// CHECK-implicit-conversion-NORECOVER-NOT: "-fsanitize-recover={{((implicit-integer-truncation),?){1}"}} -// CHECK-implicit-conversion-NORECOVER-NOT: "-fsanitize-trap={{((implicit-integer-truncation),?){1}"}} -// CHECK-implicit-conversion-TRAP: "-fsanitize-trap={{((implicit-integer-truncation),?){1}"}} -// CHECK-implicit-conversion-TRAP-NOT: "-fsanitize-recover={{((implicit-integer-truncation),?){1}"}} -// CHECK-implicit-conversion-TRAP-NOT: "-fno-sanitize-recover={{((implicit-integer-truncation),?){1}"}} +// CHECK-implicit-conversion: "-fsanitize={{((implicit-unsigned-integer-truncation|implicit-signed-integer-truncation),?){2}"}} +// CHECK-implicit-conversion-RECOVER: "-fsanitize-recover={{((implicit-unsigned-integer-truncation|implicit-signed-integer-truncation),?){2}"}} +// CHECK-implicit-conversion-RECOVER-NOT: "-fno-sanitize-recover={{((implicit-unsigned-integer-truncation|implicit-signed-integer-truncation),?){2}"}} +// CHECK-implicit-conversion-RECOVER-NOT: "-fsanitize-trap={{((implicit-unsigned-integer-truncation|implicit-signed-integer-truncation),?){2}"}} +// CHECK-implicit-conversion-NORECOVER-NOT: "-fno-sanitize-recover={{((implicit-unsigned-integer-truncation|implicit-signed-integer-truncation),?){2}"}} // ??? +// CHECK-implicit-conversion-NORECOVER-NOT: "-fsanitize-recover={{((implicit-unsigned-integer-truncation|implicit-signed-integer-truncation),?){2}"}} +// CHECK-implicit-conversion-NORECOVER-NOT: "-fsanitize-trap={{((implicit-unsigned-integer-truncation|implicit-signed-integer-truncation),?){2}"}} +// CHECK-implicit-conversion-TRAP: "-fsanitize-trap={{((implicit-unsigned-integer-truncation|implicit-signed-integer-truncation),?){2}"}} +// CHECK-implicit-conversion-TRAP-NOT: "-fsanitize-recover={{((implicit-unsigned-integer-truncation|implicit-signed-integer-truncation),?){2}"}} +//
[PATCH] D50901: [clang][ubsan] Split Implicit Integer Truncation Sanitizer into unsigned and signed checks
lebedev.ri updated this revision to Diff 167391. lebedev.ri marked an inline comment as done and 3 inline comments as not done. lebedev.ri added a comment. - Rebased Repository: rC Clang https://reviews.llvm.org/D50901 Files: docs/UndefinedBehaviorSanitizer.rst include/clang/Basic/Sanitizers.def lib/CodeGen/CGExprScalar.cpp test/CodeGen/catch-implicit-integer-conversions-basics.c test/CodeGen/catch-implicit-integer-truncations-basics-negatives.c test/CodeGen/catch-implicit-integer-truncations-basics.c test/CodeGen/catch-implicit-integer-truncations.c test/CodeGen/catch-implicit-signed-integer-truncations-basics-negatives.c test/CodeGen/catch-implicit-signed-integer-truncations-basics.c test/CodeGen/catch-implicit-unsigned-integer-truncations-basics-negatives.c test/CodeGen/catch-implicit-unsigned-integer-truncations-basics.c test/CodeGenCXX/catch-implicit-integer-truncations.cpp test/Driver/fsanitize.c Index: test/Driver/fsanitize.c === --- test/Driver/fsanitize.c +++ test/Driver/fsanitize.c @@ -29,22 +29,37 @@ // CHECK-COVERAGE-WIN64: "--dependent-lib={{[^"]*}}ubsan_standalone-x86_64.lib" // RUN: %clang -target x86_64-linux-gnu -fsanitize=integer %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-INTEGER -implicit-check-not="-fsanitize-address-use-after-scope" -// CHECK-INTEGER: "-fsanitize={{((signed-integer-overflow|unsigned-integer-overflow|integer-divide-by-zero|shift-base|shift-exponent|implicit-integer-truncation),?){6}"}} +// CHECK-INTEGER: "-fsanitize={{((signed-integer-overflow|unsigned-integer-overflow|integer-divide-by-zero|shift-base|shift-exponent|implicit-unsigned-integer-truncation|implicit-signed-integer-truncation),?){7}"}} // RUN: %clang -target x86_64-linux-gnu -fsanitize=implicit-conversion %s -### 2>&1 | FileCheck %s --check-prefixes=CHECK-implicit-conversion,CHECK-implicit-conversion-RECOVER // RUN: %clang -target x86_64-linux-gnu -fsanitize=implicit-conversion -fsanitize-recover=implicit-conversion %s -### 2>&1 | FileCheck %s --check-prefixes=CHECK-implicit-conversion,CHECK-implicit-conversion-RECOVER // RUN: %clang -target x86_64-linux-gnu -fsanitize=implicit-conversion -fno-sanitize-recover=implicit-conversion %s -### 2>&1 | FileCheck %s --check-prefixes=CHECK-implicit-conversion,CHECK-implicit-conversion-NORECOVER // RUN: %clang -target x86_64-linux-gnu -fsanitize=implicit-conversion -fsanitize-trap=implicit-conversion %s -### 2>&1 | FileCheck %s --check-prefixes=CHECK-implicit-conversion,CHECK-implicit-conversion-TRAP -// CHECK-implicit-conversion: "-fsanitize={{((implicit-integer-truncation),?){1}"}} -// CHECK-implicit-conversion-RECOVER: "-fsanitize-recover={{((implicit-integer-truncation),?){1}"}} -// CHECK-implicit-conversion-RECOVER-NOT: "-fno-sanitize-recover={{((implicit-integer-truncation),?){1}"}} -// CHECK-implicit-conversion-RECOVER-NOT: "-fsanitize-trap={{((implicit-integer-truncation),?){1}"}} -// CHECK-implicit-conversion-NORECOVER-NOT: "-fno-sanitize-recover={{((implicit-integer-truncation),?){1}"}} // ??? -// CHECK-implicit-conversion-NORECOVER-NOT: "-fsanitize-recover={{((implicit-integer-truncation),?){1}"}} -// CHECK-implicit-conversion-NORECOVER-NOT: "-fsanitize-trap={{((implicit-integer-truncation),?){1}"}} -// CHECK-implicit-conversion-TRAP: "-fsanitize-trap={{((implicit-integer-truncation),?){1}"}} -// CHECK-implicit-conversion-TRAP-NOT: "-fsanitize-recover={{((implicit-integer-truncation),?){1}"}} -// CHECK-implicit-conversion-TRAP-NOT: "-fno-sanitize-recover={{((implicit-integer-truncation),?){1}"}} +// CHECK-implicit-conversion: "-fsanitize={{((implicit-unsigned-integer-truncation|implicit-signed-integer-truncation),?){2}"}} +// CHECK-implicit-conversion-RECOVER: "-fsanitize-recover={{((implicit-unsigned-integer-truncation|implicit-signed-integer-truncation),?){2}"}} +// CHECK-implicit-conversion-RECOVER-NOT: "-fno-sanitize-recover={{((implicit-unsigned-integer-truncation|implicit-signed-integer-truncation),?){2}"}} +// CHECK-implicit-conversion-RECOVER-NOT: "-fsanitize-trap={{((implicit-unsigned-integer-truncation|implicit-signed-integer-truncation),?){2}"}} +// CHECK-implicit-conversion-NORECOVER-NOT: "-fno-sanitize-recover={{((implicit-unsigned-integer-truncation|implicit-signed-integer-truncation),?){2}"}} // ??? +// CHECK-implicit-conversion-NORECOVER-NOT: "-fsanitize-recover={{((implicit-unsigned-integer-truncation|implicit-signed-integer-truncation),?){2}"}} +// CHECK-implicit-conversion-NORECOVER-NOT: "-fsanitize-trap={{((implicit-unsigned-integer-truncation|implicit-signed-integer-truncation),?){2}"}} +// CHECK-implicit-conversion-TRAP: "-fsanitize-trap={{((implicit-unsigned-integer-truncation|implicit-signed-integer-truncation),?){2}"}} +// CHECK-implicit-conversion-TRAP-NOT: "-fsanitize-recover={{((implicit-unsigned-integer-truncation|implicit-signed-integer-truncation),?){2}"}} +// CHECK-implicit-conversion-TRAP-NOT:
[PATCH] D50901: [clang][ubsan] Split Implicit Integer Truncation Sanitizer into unsigned and signed checks
filcab added inline comments. Comment at: lib/CodeGen/CGExprScalar.cpp:305 enum ImplicitConversionCheckKind : unsigned char { -ICCK_IntegerTruncation = 0, +ICCK_IntegerTruncation = 0, // Legacy, no longer used. +ICCK_UnsignedIntegerTruncation = 1, vitalybuka wrote: > lebedev.ri wrote: > > vitalybuka wrote: > > > why do you need to keep it? > > *Here* - for consistency with the compiler-rt part. > > > > There - what about mismatch in the used clang version > > (which still only produced the `(ImplicitConversionCheckKind)0`), and > > compiler-rt version > > (which has `(ImplicitConversionCheckKind)1` and > > `(ImplicitConversionCheckKind)2`)? > > Is it 100.00% guaranteed not to happen? I'm not so sure. > I don't think we try support mismatched versions of clang and compiler-rt We don't make a big effort in open source. But we try to at least make it work (check previous work on type_mismatch handler, before versions were introduced), or error "loudly" when linking (versioned checks). I think having keeping the older check number free is a good thing and allows us to have binary compatibility with older objects (and keep supporting old object files (we *did* release llvm 7.0 with the old-type check)). If we hadn't had a release in between, I'd be all for reusing. Repository: rC Clang https://reviews.llvm.org/D50901 ___ cfe-commits mailing list cfe-commits@lists.llvm.org http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
[PATCH] D50901: [clang][ubsan] Split Implicit Integer Truncation Sanitizer into unsigned and signed checks
lebedev.ri updated this revision to Diff 167255. lebedev.ri marked 3 inline comments as done. lebedev.ri added a comment. - Split off the NFC preparatory changes. - Rebased. Repository: rC Clang https://reviews.llvm.org/D50901 Files: docs/UndefinedBehaviorSanitizer.rst include/clang/Basic/Sanitizers.def lib/CodeGen/CGExprScalar.cpp test/CodeGen/catch-implicit-integer-conversions-basics.c test/CodeGen/catch-implicit-integer-truncations-basics-negatives.c test/CodeGen/catch-implicit-integer-truncations-basics.c test/CodeGen/catch-implicit-integer-truncations.c test/CodeGen/catch-implicit-signed-integer-truncations-basics-negatives.c test/CodeGen/catch-implicit-signed-integer-truncations-basics.c test/CodeGen/catch-implicit-unsigned-integer-truncations-basics-negatives.c test/CodeGen/catch-implicit-unsigned-integer-truncations-basics.c test/CodeGenCXX/catch-implicit-integer-truncations.cpp test/Driver/fsanitize.c Index: test/Driver/fsanitize.c === --- test/Driver/fsanitize.c +++ test/Driver/fsanitize.c @@ -29,22 +29,37 @@ // CHECK-COVERAGE-WIN64: "--dependent-lib={{[^"]*}}ubsan_standalone-x86_64.lib" // RUN: %clang -target x86_64-linux-gnu -fsanitize=integer %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-INTEGER -implicit-check-not="-fsanitize-address-use-after-scope" -// CHECK-INTEGER: "-fsanitize={{((signed-integer-overflow|unsigned-integer-overflow|integer-divide-by-zero|shift-base|shift-exponent|implicit-integer-truncation),?){6}"}} +// CHECK-INTEGER: "-fsanitize={{((signed-integer-overflow|unsigned-integer-overflow|integer-divide-by-zero|shift-base|shift-exponent|implicit-unsigned-integer-truncation|implicit-signed-integer-truncation),?){7}"}} // RUN: %clang -target x86_64-linux-gnu -fsanitize=implicit-conversion %s -### 2>&1 | FileCheck %s --check-prefixes=CHECK-implicit-conversion,CHECK-implicit-conversion-RECOVER // RUN: %clang -target x86_64-linux-gnu -fsanitize=implicit-conversion -fsanitize-recover=implicit-conversion %s -### 2>&1 | FileCheck %s --check-prefixes=CHECK-implicit-conversion,CHECK-implicit-conversion-RECOVER // RUN: %clang -target x86_64-linux-gnu -fsanitize=implicit-conversion -fno-sanitize-recover=implicit-conversion %s -### 2>&1 | FileCheck %s --check-prefixes=CHECK-implicit-conversion,CHECK-implicit-conversion-NORECOVER // RUN: %clang -target x86_64-linux-gnu -fsanitize=implicit-conversion -fsanitize-trap=implicit-conversion %s -### 2>&1 | FileCheck %s --check-prefixes=CHECK-implicit-conversion,CHECK-implicit-conversion-TRAP -// CHECK-implicit-conversion: "-fsanitize={{((implicit-integer-truncation),?){1}"}} -// CHECK-implicit-conversion-RECOVER: "-fsanitize-recover={{((implicit-integer-truncation),?){1}"}} -// CHECK-implicit-conversion-RECOVER-NOT: "-fno-sanitize-recover={{((implicit-integer-truncation),?){1}"}} -// CHECK-implicit-conversion-RECOVER-NOT: "-fsanitize-trap={{((implicit-integer-truncation),?){1}"}} -// CHECK-implicit-conversion-NORECOVER-NOT: "-fno-sanitize-recover={{((implicit-integer-truncation),?){1}"}} // ??? -// CHECK-implicit-conversion-NORECOVER-NOT: "-fsanitize-recover={{((implicit-integer-truncation),?){1}"}} -// CHECK-implicit-conversion-NORECOVER-NOT: "-fsanitize-trap={{((implicit-integer-truncation),?){1}"}} -// CHECK-implicit-conversion-TRAP: "-fsanitize-trap={{((implicit-integer-truncation),?){1}"}} -// CHECK-implicit-conversion-TRAP-NOT: "-fsanitize-recover={{((implicit-integer-truncation),?){1}"}} -// CHECK-implicit-conversion-TRAP-NOT: "-fno-sanitize-recover={{((implicit-integer-truncation),?){1}"}} +// CHECK-implicit-conversion: "-fsanitize={{((implicit-unsigned-integer-truncation|implicit-signed-integer-truncation),?){2}"}} +// CHECK-implicit-conversion-RECOVER: "-fsanitize-recover={{((implicit-unsigned-integer-truncation|implicit-signed-integer-truncation),?){2}"}} +// CHECK-implicit-conversion-RECOVER-NOT: "-fno-sanitize-recover={{((implicit-unsigned-integer-truncation|implicit-signed-integer-truncation),?){2}"}} +// CHECK-implicit-conversion-RECOVER-NOT: "-fsanitize-trap={{((implicit-unsigned-integer-truncation|implicit-signed-integer-truncation),?){2}"}} +// CHECK-implicit-conversion-NORECOVER-NOT: "-fno-sanitize-recover={{((implicit-unsigned-integer-truncation|implicit-signed-integer-truncation),?){2}"}} // ??? +// CHECK-implicit-conversion-NORECOVER-NOT: "-fsanitize-recover={{((implicit-unsigned-integer-truncation|implicit-signed-integer-truncation),?){2}"}} +// CHECK-implicit-conversion-NORECOVER-NOT: "-fsanitize-trap={{((implicit-unsigned-integer-truncation|implicit-signed-integer-truncation),?){2}"}} +// CHECK-implicit-conversion-TRAP: "-fsanitize-trap={{((implicit-unsigned-integer-truncation|implicit-signed-integer-truncation),?){2}"}} +// CHECK-implicit-conversion-TRAP-NOT: "-fsanitize-recover={{((implicit-unsigned-integer-truncation|implicit-signed-integer-truncation),?){2}"}} +// CHECK-implicit-conversion-TRAP-NOT:
[PATCH] D50901: [clang][ubsan] Split Implicit Integer Truncation Sanitizer into unsigned and signed checks
vitalybuka added inline comments. Comment at: lib/CodeGen/CGExprScalar.cpp:305 enum ImplicitConversionCheckKind : unsigned char { -ICCK_IntegerTruncation = 0, +ICCK_IntegerTruncation = 0, // Legacy, no longer used. +ICCK_UnsignedIntegerTruncation = 1, lebedev.ri wrote: > vitalybuka wrote: > > why do you need to keep it? > *Here* - for consistency with the compiler-rt part. > > There - what about mismatch in the used clang version > (which still only produced the `(ImplicitConversionCheckKind)0`), and > compiler-rt version > (which has `(ImplicitConversionCheckKind)1` and > `(ImplicitConversionCheckKind)2`)? > Is it 100.00% guaranteed not to happen? I'm not so sure. I don't think we try support mismatched versions of clang and compiler-rt Repository: rC Clang https://reviews.llvm.org/D50901 ___ cfe-commits mailing list cfe-commits@lists.llvm.org http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
[PATCH] D50901: [clang][ubsan] Split Implicit Integer Truncation Sanitizer into unsigned and signed checks
lebedev.ri added a comment. In https://reviews.llvm.org/D50901#1238795, @lebedev.ri wrote: > @vsk thanks for taking a look! /me can't read :) That was supposed to be @vitalybuka, of course (: Repository: rC Clang https://reviews.llvm.org/D50901 ___ cfe-commits mailing list cfe-commits@lists.llvm.org http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
[PATCH] D50901: [clang][ubsan] Split Implicit Integer Truncation Sanitizer into unsigned and signed checks
lebedev.ri added a comment. @vsk thanks for taking a look! Comment at: lib/CodeGen/CGExprScalar.cpp:305 enum ImplicitConversionCheckKind : unsigned char { -ICCK_IntegerTruncation = 0, +ICCK_IntegerTruncation = 0, // Legacy, no longer used. +ICCK_UnsignedIntegerTruncation = 1, vitalybuka wrote: > why do you need to keep it? *Here* - for consistency with the compiler-rt part. There - what about mismatch in the used clang version (which still only produced the `(ImplicitConversionCheckKind)0`), and compiler-rt version (which has `(ImplicitConversionCheckKind)1` and `(ImplicitConversionCheckKind)2`)? Is it 100.00% guaranteed not to happen? I'm not so sure. Repository: rC Clang https://reviews.llvm.org/D50901 ___ cfe-commits mailing list cfe-commits@lists.llvm.org http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
[PATCH] D50901: [clang][ubsan] Split Implicit Integer Truncation Sanitizer into unsigned and signed checks
vitalybuka added inline comments. Comment at: lib/CodeGen/CGExprScalar.cpp:305 enum ImplicitConversionCheckKind : unsigned char { -ICCK_IntegerTruncation = 0, +ICCK_IntegerTruncation = 0, // Legacy, no longer used. +ICCK_UnsignedIntegerTruncation = 1, why do you need to keep it? Repository: rC Clang https://reviews.llvm.org/D50901 ___ cfe-commits mailing list cfe-commits@lists.llvm.org http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
[PATCH] D50901: [clang][ubsan] Split Implicit Integer Truncation Sanitizer into unsigned and signed checks
lebedev.ri added a comment. @rsmith - ping. This one should be rather uncontroversial i think? Is this moving in the direction you suggested? :) Repository: rC Clang https://reviews.llvm.org/D50901 ___ cfe-commits mailing list cfe-commits@lists.llvm.org http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
[PATCH] D50901: [clang][ubsan] Split Implicit Integer Truncation Sanitizer into unsigned and signed checks
lebedev.ri added a comment. Ping once again :) Repository: rC Clang https://reviews.llvm.org/D50901 ___ cfe-commits mailing list cfe-commits@lists.llvm.org http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
[PATCH] D50901: [clang][ubsan] Split Implicit Integer Truncation Sanitizer into unsigned and signed checks
lebedev.ri added a comment. Ping. Repository: rC Clang https://reviews.llvm.org/D50901 ___ cfe-commits mailing list cfe-commits@lists.llvm.org http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
[PATCH] D50901: [clang][ubsan] Split Implicit Integer Truncation Sanitizer into unsigned and signed checks
lebedev.ri added a comment. ping. Repository: rC Clang https://reviews.llvm.org/D50901 ___ cfe-commits mailing list cfe-commits@lists.llvm.org http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
[PATCH] D50901: [clang][ubsan] Split Implicit Integer Truncation Sanitizer into unsigned and signed checks
lebedev.ri updated this revision to Diff 162040. lebedev.ri marked 2 inline comments as done. lebedev.ri added a comment. Rebased, addressed @vsk review note, should be NFC. @vsk thank you for taking a look! > LebedevRI: It looks like it's in good shape. I wasn't around for > the discussion re: splitting up the (un)signed cases, so it'd be good to have > someone involved with that sign off @rsmith ? Repository: rC Clang https://reviews.llvm.org/D50901 Files: docs/UndefinedBehaviorSanitizer.rst include/clang/Basic/Sanitizers.def lib/CodeGen/CGExprScalar.cpp test/CodeGen/catch-implicit-integer-conversions-basics.c test/CodeGen/catch-implicit-integer-truncations-basics-negatives.c test/CodeGen/catch-implicit-integer-truncations-basics.c test/CodeGen/catch-implicit-integer-truncations.c test/CodeGen/catch-implicit-signed-integer-truncations-basics-negatives.c test/CodeGen/catch-implicit-signed-integer-truncations-basics.c test/CodeGen/catch-implicit-unsigned-integer-truncations-basics-negatives.c test/CodeGen/catch-implicit-unsigned-integer-truncations-basics.c test/CodeGenCXX/catch-implicit-integer-truncations.cpp test/Driver/fsanitize.c Index: test/Driver/fsanitize.c === --- test/Driver/fsanitize.c +++ test/Driver/fsanitize.c @@ -29,22 +29,37 @@ // CHECK-COVERAGE-WIN64: "--dependent-lib={{[^"]*}}ubsan_standalone-x86_64.lib" // RUN: %clang -target x86_64-linux-gnu -fsanitize=integer %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-INTEGER -implicit-check-not="-fsanitize-address-use-after-scope" -// CHECK-INTEGER: "-fsanitize={{((signed-integer-overflow|unsigned-integer-overflow|integer-divide-by-zero|shift-base|shift-exponent|implicit-integer-truncation),?){6}"}} +// CHECK-INTEGER: "-fsanitize={{((signed-integer-overflow|unsigned-integer-overflow|integer-divide-by-zero|shift-base|shift-exponent|implicit-unsigned-integer-truncation|implicit-signed-integer-truncation),?){7}"}} // RUN: %clang -target x86_64-linux-gnu -fsanitize=implicit-conversion %s -### 2>&1 | FileCheck %s --check-prefixes=CHECK-implicit-conversion,CHECK-implicit-conversion-RECOVER // RUN: %clang -target x86_64-linux-gnu -fsanitize=implicit-conversion -fsanitize-recover=implicit-conversion %s -### 2>&1 | FileCheck %s --check-prefixes=CHECK-implicit-conversion,CHECK-implicit-conversion-RECOVER // RUN: %clang -target x86_64-linux-gnu -fsanitize=implicit-conversion -fno-sanitize-recover=implicit-conversion %s -### 2>&1 | FileCheck %s --check-prefixes=CHECK-implicit-conversion,CHECK-implicit-conversion-NORECOVER // RUN: %clang -target x86_64-linux-gnu -fsanitize=implicit-conversion -fsanitize-trap=implicit-conversion %s -### 2>&1 | FileCheck %s --check-prefixes=CHECK-implicit-conversion,CHECK-implicit-conversion-TRAP -// CHECK-implicit-conversion: "-fsanitize={{((implicit-integer-truncation),?){1}"}} -// CHECK-implicit-conversion-RECOVER: "-fsanitize-recover={{((implicit-integer-truncation),?){1}"}} -// CHECK-implicit-conversion-RECOVER-NOT: "-fno-sanitize-recover={{((implicit-integer-truncation),?){1}"}} -// CHECK-implicit-conversion-RECOVER-NOT: "-fsanitize-trap={{((implicit-integer-truncation),?){1}"}} -// CHECK-implicit-conversion-NORECOVER-NOT: "-fno-sanitize-recover={{((implicit-integer-truncation),?){1}"}} // ??? -// CHECK-implicit-conversion-NORECOVER-NOT: "-fsanitize-recover={{((implicit-integer-truncation),?){1}"}} -// CHECK-implicit-conversion-NORECOVER-NOT: "-fsanitize-trap={{((implicit-integer-truncation),?){1}"}} -// CHECK-implicit-conversion-TRAP: "-fsanitize-trap={{((implicit-integer-truncation),?){1}"}} -// CHECK-implicit-conversion-TRAP-NOT: "-fsanitize-recover={{((implicit-integer-truncation),?){1}"}} -// CHECK-implicit-conversion-TRAP-NOT: "-fno-sanitize-recover={{((implicit-integer-truncation),?){1}"}} +// CHECK-implicit-conversion: "-fsanitize={{((implicit-unsigned-integer-truncation|implicit-signed-integer-truncation),?){2}"}} +// CHECK-implicit-conversion-RECOVER: "-fsanitize-recover={{((implicit-unsigned-integer-truncation|implicit-signed-integer-truncation),?){2}"}} +// CHECK-implicit-conversion-RECOVER-NOT: "-fno-sanitize-recover={{((implicit-unsigned-integer-truncation|implicit-signed-integer-truncation),?){2}"}} +// CHECK-implicit-conversion-RECOVER-NOT: "-fsanitize-trap={{((implicit-unsigned-integer-truncation|implicit-signed-integer-truncation),?){2}"}} +// CHECK-implicit-conversion-NORECOVER-NOT: "-fno-sanitize-recover={{((implicit-unsigned-integer-truncation|implicit-signed-integer-truncation),?){2}"}} // ??? +// CHECK-implicit-conversion-NORECOVER-NOT: "-fsanitize-recover={{((implicit-unsigned-integer-truncation|implicit-signed-integer-truncation),?){2}"}} +// CHECK-implicit-conversion-NORECOVER-NOT: "-fsanitize-trap={{((implicit-unsigned-integer-truncation|implicit-signed-integer-truncation),?){2}"}} +// CHECK-implicit-conversion-TRAP:
[PATCH] D50901: [clang][ubsan] Split Implicit Integer Truncation Sanitizer into unsigned and signed checks
vsk added inline comments. Comment at: test/CodeGen/catch-implicit-integer-truncations-basics-negatives.c:23 +__attribute__((no_sanitize("integer"))) unsigned char blacklist_1_convert_unsigned_int_to_unsigned_char(unsigned int x) { + // CHECK: } + return x; It looks like 'CHECK: }' is meant to check that the end of the function is reached without any diagnostic handlers being emitted. If so, you'll need something stricter to actually check that. Considering removing all of the 'CHECK: }' lines and adding `-implicit-check-not=__ubsan_handle_implicit` as a FileCheck option. Comment at: test/CodeGen/catch-implicit-signed-integer-truncations-basics-negatives.c:17 +__attribute__((no_sanitize("integer"))) signed char blacklist_1_convert_signed_int_to_signed_char(signed int x) { + // CHECK: } + return x; Ditto, I think this applies to the rest of the tests. Repository: rC Clang https://reviews.llvm.org/D50901 ___ cfe-commits mailing list cfe-commits@lists.llvm.org http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
[PATCH] D50901: [clang][ubsan] Split Implicit Integer Truncation Sanitizer into unsigned and signed checks
lebedev.ri created this revision. lebedev.ri added reviewers: rsmith, vsk, Sanitizers. lebedev.ri added projects: Sanitizers, clang. As per IRC disscussion, it seems we really want to have more fine-grained `-fsanitize=implicit-integer-truncation`: - A check when both of the types are unsigned. - Another check for the other cases (either one of the types is signed, or both of the types is signed). This is clang part. Compiler-rt part is . Repository: rC Clang https://reviews.llvm.org/D50901 Files: docs/UndefinedBehaviorSanitizer.rst include/clang/Basic/Sanitizers.def lib/CodeGen/CGExprScalar.cpp test/CodeGen/catch-implicit-integer-conversions-basics.c test/CodeGen/catch-implicit-integer-truncations-basics-negatives.c test/CodeGen/catch-implicit-integer-truncations-basics.c test/CodeGen/catch-implicit-integer-truncations.c test/CodeGen/catch-implicit-signed-integer-truncations-basics-negatives.c test/CodeGen/catch-implicit-signed-integer-truncations-basics.c test/CodeGen/catch-implicit-unsigned-integer-truncations-basics-negatives.c test/CodeGen/catch-implicit-unsigned-integer-truncations-basics.c test/CodeGenCXX/catch-implicit-integer-truncations.cpp test/Driver/fsanitize.c Index: test/Driver/fsanitize.c === --- test/Driver/fsanitize.c +++ test/Driver/fsanitize.c @@ -29,22 +29,37 @@ // CHECK-COVERAGE-WIN64: "--dependent-lib={{[^"]*}}ubsan_standalone-x86_64.lib" // RUN: %clang -target x86_64-linux-gnu -fsanitize=integer %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-INTEGER -implicit-check-not="-fsanitize-address-use-after-scope" -// CHECK-INTEGER: "-fsanitize={{((signed-integer-overflow|unsigned-integer-overflow|integer-divide-by-zero|shift-base|shift-exponent|implicit-integer-truncation),?){6}"}} +// CHECK-INTEGER: "-fsanitize={{((signed-integer-overflow|unsigned-integer-overflow|integer-divide-by-zero|shift-base|shift-exponent|implicit-unsigned-integer-truncation|implicit-signed-integer-truncation),?){7}"}} // RUN: %clang -target x86_64-linux-gnu -fsanitize=implicit-conversion %s -### 2>&1 | FileCheck %s --check-prefixes=CHECK-implicit-conversion,CHECK-implicit-conversion-RECOVER // RUN: %clang -target x86_64-linux-gnu -fsanitize=implicit-conversion -fsanitize-recover=implicit-conversion %s -### 2>&1 | FileCheck %s --check-prefixes=CHECK-implicit-conversion,CHECK-implicit-conversion-RECOVER // RUN: %clang -target x86_64-linux-gnu -fsanitize=implicit-conversion -fno-sanitize-recover=implicit-conversion %s -### 2>&1 | FileCheck %s --check-prefixes=CHECK-implicit-conversion,CHECK-implicit-conversion-NORECOVER // RUN: %clang -target x86_64-linux-gnu -fsanitize=implicit-conversion -fsanitize-trap=implicit-conversion %s -### 2>&1 | FileCheck %s --check-prefixes=CHECK-implicit-conversion,CHECK-implicit-conversion-TRAP -// CHECK-implicit-conversion: "-fsanitize={{((implicit-integer-truncation),?){1}"}} -// CHECK-implicit-conversion-RECOVER: "-fsanitize-recover={{((implicit-integer-truncation),?){1}"}} -// CHECK-implicit-conversion-RECOVER-NOT: "-fno-sanitize-recover={{((implicit-integer-truncation),?){1}"}} -// CHECK-implicit-conversion-RECOVER-NOT: "-fsanitize-trap={{((implicit-integer-truncation),?){1}"}} -// CHECK-implicit-conversion-NORECOVER-NOT: "-fno-sanitize-recover={{((implicit-integer-truncation),?){1}"}} // ??? -// CHECK-implicit-conversion-NORECOVER-NOT: "-fsanitize-recover={{((implicit-integer-truncation),?){1}"}} -// CHECK-implicit-conversion-NORECOVER-NOT: "-fsanitize-trap={{((implicit-integer-truncation),?){1}"}} -// CHECK-implicit-conversion-TRAP: "-fsanitize-trap={{((implicit-integer-truncation),?){1}"}} -// CHECK-implicit-conversion-TRAP-NOT: "-fsanitize-recover={{((implicit-integer-truncation),?){1}"}} -// CHECK-implicit-conversion-TRAP-NOT: "-fno-sanitize-recover={{((implicit-integer-truncation),?){1}"}} +// CHECK-implicit-conversion: "-fsanitize={{((implicit-unsigned-integer-truncation|implicit-signed-integer-truncation),?){2}"}} +// CHECK-implicit-conversion-RECOVER: "-fsanitize-recover={{((implicit-unsigned-integer-truncation|implicit-signed-integer-truncation),?){2}"}} +// CHECK-implicit-conversion-RECOVER-NOT: "-fno-sanitize-recover={{((implicit-unsigned-integer-truncation|implicit-signed-integer-truncation),?){2}"}} +// CHECK-implicit-conversion-RECOVER-NOT: "-fsanitize-trap={{((implicit-unsigned-integer-truncation|implicit-signed-integer-truncation),?){2}"}} +// CHECK-implicit-conversion-NORECOVER-NOT: "-fno-sanitize-recover={{((implicit-unsigned-integer-truncation|implicit-signed-integer-truncation),?){2}"}} // ??? +// CHECK-implicit-conversion-NORECOVER-NOT: "-fsanitize-recover={{((implicit-unsigned-integer-truncation|implicit-signed-integer-truncation),?){2}"}} +// CHECK-implicit-conversion-NORECOVER-NOT: "-fsanitize-trap={{((implicit-unsigned-integer-truncation|implicit-signed-integer-truncation),?){2}"}} +// CHECK-implicit-conversion-TRAP: