diff options
author | Roman Lebedev <lebedev.ri@gmail.com> | 2019-01-14 19:09:27 +0000 |
---|---|---|
committer | Roman Lebedev <lebedev.ri@gmail.com> | 2019-01-14 19:09:27 +0000 |
commit | 13b4d37f6ce2ad0acec6f19fe970f38608716a90 (patch) | |
tree | c37255a71b9ea93c9e73c130ca6fc4d4684e8b2b /docs | |
parent | d5978a909d068b01cd2cb8ede2cffe84d3312741 (diff) |
[clang][UBSan] Sanitization for alignment assumptions.
Summary:
UB isn't nice. It's cool and powerful, but not nice.
Having a way to detect it is nice though.
[[ https://wg21.link/p1007r3 | P1007R3: std::assume_aligned ]] / http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2018/p1007r2.pdf says:
```
We propose to add this functionality via a library function instead of a core language attribute.
...
If the pointer passed in is not aligned to at least N bytes, calling assume_aligned results in undefined behaviour.
```
This differential teaches clang to sanitize all the various variants of this assume-aligned attribute.
Requires D54588 for LLVM IRBuilder changes.
The compiler-rt part is D54590.
Reviewers: ABataev, craig.topper, vsk, rsmith, rnk, #sanitizers, erichkeane, filcab, rjmccall
Reviewed By: rjmccall
Subscribers: chandlerc, ldionne, EricWF, mclow.lists, cfe-commits, bkramer
Tags: #sanitizers
Differential Revision: https://reviews.llvm.org/D54589
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@351105 91177308-0d34-0410-b5e6-96231b3b80d8
Diffstat (limited to 'docs')
-rw-r--r-- | docs/ReleaseNotes.rst | 43 | ||||
-rw-r--r-- | docs/UndefinedBehaviorSanitizer.rst | 2 |
2 files changed, 44 insertions, 1 deletions
diff --git a/docs/ReleaseNotes.rst b/docs/ReleaseNotes.rst index 64991343d9..b6a405dbc7 100644 --- a/docs/ReleaseNotes.rst +++ b/docs/ReleaseNotes.rst @@ -321,6 +321,49 @@ Undefined Behavior Sanitizer (UBSan) * The Implicit Conversion Sanitizer (``-fsanitize=implicit-conversion``) has learned to sanitize compound assignment operators. +* ``alignment`` check has learned to sanitize the assume_aligned-like attributes: + + .. code-block:: c++ + + typedef char **__attribute__((align_value(1024))) aligned_char; + struct ac_struct { + aligned_char a; + }; + char **load_from_ac_struct(struct ac_struct *x) { + return x->a; // <- check that loaded 'a' is aligned + } + + char **passthrough(__attribute__((align_value(1024))) char **x) { + return x; // <- check the pointer passed as function argument + } + + char **__attribute__((alloc_align(2))) + alloc_align(int size, unsigned long alignment); + + char **caller(int size) { + return alloc_align(size, 1024); // <- check returned pointer + } + + char **__attribute__((assume_aligned(1024))) get_ptr(); + + char **caller2() { + return get_ptr(); // <- check returned pointer + } + + void *caller3(char **x) { + return __builtin_assume_aligned(x, 1024); // <- check returned pointer + } + + void *caller4(char **x, unsigned long offset) { + return __builtin_assume_aligned(x, 1024, offset); // <- check returned pointer accounting for the offest + } + + void process(char *data, int width) { + #pragma omp for simd aligned(data : 1024) // <- aligned clause will be checked. + for (int x = 0; x < width; x++) + data[x] *= data[x]; + } + Core Analysis Improvements ========================== diff --git a/docs/UndefinedBehaviorSanitizer.rst b/docs/UndefinedBehaviorSanitizer.rst index ddffee85c9..3700d4962d 100644 --- a/docs/UndefinedBehaviorSanitizer.rst +++ b/docs/UndefinedBehaviorSanitizer.rst @@ -72,7 +72,7 @@ Available checks Available checks are: - ``-fsanitize=alignment``: Use of a misaligned pointer or creation - of a misaligned reference. + of a misaligned reference. Also sanitizes assume_aligned-like attributes. - ``-fsanitize=bool``: Load of a ``bool`` value which is neither ``true`` nor ``false``. - ``-fsanitize=builtin``: Passing invalid values to compiler builtins. |