diff options
| author | Roman Lebedev <lebedev.ri@gmail.com> | 2019-01-15 09:44:25 +0000 |
|---|---|---|
| committer | Roman Lebedev <lebedev.ri@gmail.com> | 2019-01-15 09:44:25 +0000 |
| commit | 5c8adb20544789217fe573ea6ba2eb2a3af8a2ab (patch) | |
| tree | 4f49dcaff537d406a65102c57672f5b97519009c /docs/ReleaseNotes.rst | |
| parent | 24d0264d8e6d75b083e715acf642358472c11f8f (diff) | |
[clang][UBSan] Sanitization for alignment assumptions.
Summary:
UB isn't nice. It's cool and powerful, but not nice.
Having a way to detect it is nice though.
[[ https://wg21.link/p1007r3 | P1007R3: std::assume_aligned ]] / http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2018/p1007r2.pdf says:
```
We propose to add this functionality via a library function instead of a core language attribute.
...
If the pointer passed in is not aligned to at least N bytes, calling assume_aligned results in undefined behaviour.
```
This differential teaches clang to sanitize all the various variants of this assume-aligned attribute.
Requires D54588 for LLVM IRBuilder changes.
The compiler-rt part is D54590.
This is a second commit, the original one was r351105,
which was mass-reverted in r351159 because 2 compiler-rt tests were failing.
Reviewers: ABataev, craig.topper, vsk, rsmith, rnk, #sanitizers, erichkeane, filcab, rjmccall
Reviewed By: rjmccall
Subscribers: chandlerc, ldionne, EricWF, mclow.lists, cfe-commits, bkramer
Tags: #sanitizers
Differential Revision: https://reviews.llvm.org/D54589
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@351177 91177308-0d34-0410-b5e6-96231b3b80d8
Diffstat (limited to 'docs/ReleaseNotes.rst')
| -rw-r--r-- | docs/ReleaseNotes.rst | 43 |
1 files changed, 43 insertions, 0 deletions
diff --git a/docs/ReleaseNotes.rst b/docs/ReleaseNotes.rst index 64991343d9..b6a405dbc7 100644 --- a/docs/ReleaseNotes.rst +++ b/docs/ReleaseNotes.rst @@ -321,6 +321,49 @@ Undefined Behavior Sanitizer (UBSan) * The Implicit Conversion Sanitizer (``-fsanitize=implicit-conversion``) has learned to sanitize compound assignment operators. +* ``alignment`` check has learned to sanitize the assume_aligned-like attributes: + + .. code-block:: c++ + + typedef char **__attribute__((align_value(1024))) aligned_char; + struct ac_struct { + aligned_char a; + }; + char **load_from_ac_struct(struct ac_struct *x) { + return x->a; // <- check that loaded 'a' is aligned + } + + char **passthrough(__attribute__((align_value(1024))) char **x) { + return x; // <- check the pointer passed as function argument + } + + char **__attribute__((alloc_align(2))) + alloc_align(int size, unsigned long alignment); + + char **caller(int size) { + return alloc_align(size, 1024); // <- check returned pointer + } + + char **__attribute__((assume_aligned(1024))) get_ptr(); + + char **caller2() { + return get_ptr(); // <- check returned pointer + } + + void *caller3(char **x) { + return __builtin_assume_aligned(x, 1024); // <- check returned pointer + } + + void *caller4(char **x, unsigned long offset) { + return __builtin_assume_aligned(x, 1024, offset); // <- check returned pointer accounting for the offest + } + + void process(char *data, int width) { + #pragma omp for simd aligned(data : 1024) // <- aligned clause will be checked. + for (int x = 0; x < width; x++) + data[x] *= data[x]; + } + Core Analysis Improvements ========================== |