diff options
| author | Vedant Kumar <vsk@apple.com> | 2017-03-08 17:38:57 +0000 |
|---|---|---|
| committer | Vedant Kumar <vsk@apple.com> | 2017-03-08 17:38:57 +0000 |
| commit | a9ded305be0c0e5c0e703de987dd13286a2d971b (patch) | |
| tree | 9a6ea0e8f1af2cfe0ade5e34968f780646b65587 /test/CodeGenObjC | |
| parent | a40b07abcf4f782398ff0d86852ede6e86e8612a (diff) | |
[ubsan] Detect UB loads from bitfields
It's possible to load out-of-range values from bitfields backed by a
boolean or an enum. Check for UB loads from bitfields.
This is the motivating example:
struct S {
BOOL b : 1; // Signed ObjC BOOL.
};
S s;
s.b = 1; // This is actually stored as -1.
if (s.b == 1) // Evaluates to false, -1 != 1.
...
Differential Revision: https://reviews.llvm.org/D30423
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@297298 91177308-0d34-0410-b5e6-96231b3b80d8
Diffstat (limited to 'test/CodeGenObjC')
| -rw-r--r-- | test/CodeGenObjC/ubsan-bool.m | 57 |
1 files changed, 55 insertions, 2 deletions
diff --git a/test/CodeGenObjC/ubsan-bool.m b/test/CodeGenObjC/ubsan-bool.m index 6d6c08358d..b30562c4d4 100644 --- a/test/CodeGenObjC/ubsan-bool.m +++ b/test/CodeGenObjC/ubsan-bool.m @@ -1,5 +1,5 @@ -// RUN: %clang_cc1 -x objective-c -emit-llvm -triple x86_64-apple-macosx10.10.0 -fsanitize=bool %s -o - | FileCheck %s -check-prefixes=SHARED,OBJC -// RUN: %clang_cc1 -x objective-c++ -emit-llvm -triple x86_64-apple-macosx10.10.0 -fsanitize=bool %s -o - | FileCheck %s -check-prefixes=SHARED,OBJC +// RUN: %clang_cc1 -x objective-c -emit-llvm -triple x86_64-apple-macosx10.10.0 -fsanitize=bool %s -o - -w | FileCheck %s -check-prefixes=SHARED,OBJC +// RUN: %clang_cc1 -x objective-c++ -emit-llvm -triple x86_64-apple-macosx10.10.0 -fsanitize=bool %s -o - -w | FileCheck %s -check-prefixes=SHARED,OBJC // RUN: %clang_cc1 -x c -emit-llvm -triple x86_64-apple-macosx10.10.0 -fsanitize=bool %s -o - | FileCheck %s -check-prefixes=SHARED,C typedef signed char BOOL; @@ -10,4 +10,57 @@ BOOL f1() { // C-NOT: call void @__ubsan_handle_load_invalid_value BOOL a = 2; return a + 1; + // SHARED: ret i8 } + +struct S1 { + BOOL b1 : 1; +}; + +// SHARED-LABEL: f2 +BOOL f2(struct S1 *s) { + // OBJC: [[LOAD:%.*]] = load i8, i8* {{.*}} + // OBJC: [[SHL:%.*]] = shl i8 [[LOAD]], 7 + // OBJC: [[ASHR:%.*]] = ashr i8 [[SHL]], 7 + // OBJC: icmp ule i8 [[ASHR]], 1, !nosanitize + // OBJC: call void @__ubsan_handle_load_invalid_value + + // C-NOT: call void @__ubsan_handle_load_invalid_value + return s->b1; + // SHARED: ret i8 +} + +#ifdef __OBJC__ +@interface I1 { +@public + BOOL b1 : 1; +} +@property (nonatomic) BOOL b1; +@end +@implementation I1 +@synthesize b1; +@end + +// Check the synthesized getter. +// OBJC-LABEL: define internal signext i8 @"\01-[I1 b1]" +// OBJC: [[IVAR:%.*]] = load i64, i64* @"OBJC_IVAR_$_I1.b1" +// OBJC: [[ADDR:%.*]] = getelementptr inbounds i8, i8* {{.*}}, i64 [[IVAR]] +// OBJC: [[LOAD:%.*]] = load i8, i8* {{.*}} +// OBJC: [[SHL:%.*]] = shl i8 [[LOAD]], 7 +// OBJC: [[ASHR:%.*]] = ashr i8 [[SHL]], 7 +// OBJC: icmp ule i8 [[ASHR]], 1, !nosanitize +// OBJC: call void @__ubsan_handle_load_invalid_value + +// Also check direct accesses to the ivar. +// OBJC-LABEL: f3 +BOOL f3(I1 *i) { + // OBJC: [[LOAD:%.*]] = load i8, i8* {{.*}} + // OBJC: [[SHL:%.*]] = shl i8 [[LOAD]], 7 + // OBJC: [[ASHR:%.*]] = ashr i8 [[SHL]], 7 + // OBJC: icmp ule i8 [[ASHR]], 1, !nosanitize + // OBJC: call void @__ubsan_handle_load_invalid_value + + return i->b1; + // OBJC: ret i8 +} +#endif /* __OBJC__ */ |