r297298 - [ubsan] Detect UB loads from bitfields

Evgenii Stepanov via cfe-commits cfe-commits at lists.llvm.org
Wed Mar 8 17:09:55 PST 2017 

Thank you, that was quick!

On Wed, Mar 8, 2017 at 4:31 PM, Vedant Kumar <vsk at apple.com> wrote:
> Reverted in r297331.
>
> vedant
>
>> On Mar 8, 2017, at 4:25 PM, Evgenii Stepanov <eugeni.stepanov at gmail.com> wrote:
>>
>> This is crashing ubsan bootstrap:
>>
>> http://lab.llvm.org:8011/builders/sanitizer-x86_64-linux-bootstrap/builds/962/steps/build%20clang%2Fubsan/logs/stdio
>>
>> clang-5.0: /mnt/b/sanitizer-buildbot2/sanitizer-x86_64-linux-bootstrap/build/llvm/include/llvm/IR/Instructions.h:1110:
>> void llvm::ICmpInst::AssertOK(): Assertion `getOperand(0)->getType()
>> == getOperand(1)->getType() && "Both operands to ICmp instruction are
>> not of the same type!"' failed.
>> #0 0x0000000001f571ba llvm::sys::PrintStackTrace(llvm::raw_ostream&)
>> (/mnt/b/sanitizer-buildbot2/sanitizer-x86_64-linux-bootstrap/build/llvm_build0/bin/clang-5.0+0x1f571ba)
>> #1 0x0000000001f54e5e llvm::sys::RunSignalHandlers()
>> (/mnt/b/sanitizer-buildbot2/sanitizer-x86_64-linux-bootstrap/build/llvm_build0/bin/clang-5.0+0x1f54e5e)
>> #2 0x0000000001f54fd2 SignalHandler(int)
>> (/mnt/b/sanitizer-buildbot2/sanitizer-x86_64-linux-bootstrap/build/llvm_build0/bin/clang-5.0+0x1f54fd2)
>> #3 0x00007f7decc81390 __restore_rt
>> (/lib/x86_64-linux-gnu/libpthread.so.0+0x11390)
>> #4 0x00007f7debc0e428 gsignal (/lib/x86_64-linux-gnu/libc.so.6+0x35428)
>> #5 0x00007f7debc1002a abort (/lib/x86_64-linux-gnu/libc.so.6+0x3702a)
>> #6 0x00007f7debc06bd7 (/lib/x86_64-linux-gnu/libc.so.6+0x2dbd7)
>> #7 0x00007f7debc06c82 (/lib/x86_64-linux-gnu/libc.so.6+0x2dc82)
>> #8 0x0000000002155ded llvm::IRBuilder<llvm::ConstantFolder,
>> clang::CodeGen::CGBuilderInserter>::CreateICmp(llvm::CmpInst::Predicate,
>> llvm::Value*, llvm::Value*, llvm::Twine const&)
>> (/mnt/b/sanitizer-buildbot2/sanitizer-x86_64-linux-bootstrap/build/llvm_build0/bin/clang-5.0+0x2155ded)
>> #9 0x00000000022ade21
>> clang::CodeGen::CodeGenFunction::EmitScalarRangeCheck(llvm::Value*,
>> clang::QualType, clang::SourceLocation)
>> (/mnt/b/sanitizer-buildbot2/sanitizer-x86_64-linux-bootstrap/build/llvm_build0/bin/clang-5.0+0x22ade21)
>> #10 0x00000000022af0ce
>> clang::CodeGen::CodeGenFunction::EmitLoadOfBitfieldLValue(clang::CodeGen::LValue,
>> clang::SourceLocation)
>> (/mnt/b/sanitizer-buildbot2/sanitizer-x86_64-linux-bootstrap/build/llvm_build0/bin/clang-5.0+0x22af0ce)
>> #11 0x00000000022af48f
>> clang::CodeGen::CodeGenFunction::EmitLoadOfLValue(clang::CodeGen::LValue,
>> clang::SourceLocation)
>> (/mnt/b/sanitizer-buildbot2/sanitizer-x86_64-linux-bootstrap/build/llvm_build0/bin/clang-5.0+0x22af48f)
>> #12 0x00000000022df2ab (anonymous
>> namespace)::ScalarExprEmitter::EmitLoadOfLValue(clang::Expr const*)
>> (/mnt/b/sanitizer-buildbot2/sanitizer-x86_64-linux-bootstrap/build/llvm_build0/bin/clang-5.0+0x22df2ab)
>> #13 0x0000000000870194 (anonymous
>> namespace)::ScalarExprEmitter::VisitMemberExpr(clang::MemberExpr*)
>> (/mnt/b/sanitizer-buildbot2/sanitizer-x86_64-linux-bootstrap/build/llvm_build0/bin/clang-5.0+0x870194)
>> #14 0x00000000022dd7a4 (anonymous
>> namespace)::ScalarExprEmitter::Visit(clang::Expr*)
>> (/mnt/b/sanitizer-buildbot2/sanitizer-x86_64-linux-bootstrap/build/llvm_build0/bin/clang-5.0+0x22dd7a4)
>> #15 0x0000000000870973 (anonymous
>> namespace)::ScalarExprEmitter::VisitCastExpr(clang::CastExpr*)
>> (/mnt/b/sanitizer-buildbot2/sanitizer-x86_64-linux-bootstrap/build/llvm_build0/bin/clang-5.0+0x870973)
>> #16 0x00000000022ddad0 (anonymous
>> namespace)::ScalarExprEmitter::Visit(clang::Expr*)
>> (/mnt/b/sanitizer-buildbot2/sanitizer-x86_64-linux-bootstrap/build/llvm_build0/bin/clang-5.0+0x22ddad0)
>> #17 0x00000000022de763
>> clang::CodeGen::CodeGenFunction::EmitScalarExpr(clang::Expr const*,
>> bool) (/mnt/b/sanitizer-buildbot2/sanitizer-x86_64-linux-bootstrap/build/llvm_build0/bin/clang-5.0+0x22de763)
>> #18 0x00000000022a023d
>> clang::CodeGen::CodeGenFunction::EvaluateExprAsBool(clang::Expr
>> const*) (/mnt/b/sanitizer-buildbot2/sanitizer-x86_64-linux-bootstrap/build/llvm_build0/bin/clang-5.0+0x22a023d)
>> #19 0x000000000217f789
>> clang::CodeGen::CodeGenFunction::EmitBranchOnBoolExpr(clang::Expr
>> const*, llvm::BasicBlock*, llvm::BasicBlock*, unsigned long)
>> (/mnt/b/sanitizer-buildbot2/sanitizer-x86_64-linux-bootstrap/build/llvm_build0/bin/clang-5.0+0x217f789)
>> #20 0x000000000217fdaf
>> clang::CodeGen::CodeGenFunction::EmitBranchOnBoolExpr(clang::Expr
>> const*, llvm::BasicBlock*, llvm::BasicBlock*, unsigned long)
>> (/mnt/b/sanitizer-buildbot2/sanitizer-x86_64-linux-bootstrap/build/llvm_build0/bin/clang-5.0+0x217fdaf)
>> #21 0x0000000002148c63
>> clang::CodeGen::CodeGenFunction::EmitIfStmt(clang::IfStmt const&)
>> (/mnt/b/sanitizer-buildbot2/sanitizer-x86_64-linux-bootstrap/build/llvm_build0/bin/clang-5.0+0x2148c63)
>> #22 0x0000000002147b57
>> clang::CodeGen::CodeGenFunction::EmitStmt(clang::Stmt const*)
>> (/mnt/b/sanitizer-buildbot2/sanitizer-x86_64-linux-bootstrap/build/llvm_build0/bin/clang-5.0+0x2147b57)
>> #23 0x00000000021485ef
>> clang::CodeGen::CodeGenFunction::EmitCompoundStmtWithoutScope(clang::CompoundStmt
>> const&, bool, clang::CodeGen::AggValueSlot)
>> (/mnt/b/sanitizer-buildbot2/sanitizer-x86_64-linux-bootstrap/build/llvm_build0/bin/clang-5.0+0x21485ef)
>> #24 0x00000000021488f7
>> clang::CodeGen::CodeGenFunction::EmitCompoundStmt(clang::CompoundStmt
>> const&, bool, clang::CodeGen::AggValueSlot)
>> (/mnt/b/sanitizer-buildbot2/sanitizer-x86_64-linux-bootstrap/build/llvm_build0/bin/clang-5.0+0x21488f7)
>> #25 0x000000000214b7b3
>> clang::CodeGen::CodeGenFunction::EmitSimpleStmt(clang::Stmt const*)
>> (/mnt/b/sanitizer-buildbot2/sanitizer-x86_64-linux-bootstrap/build/llvm_build0/bin/clang-5.0+0x214b7b3)
>> #26 0x0000000002147435
>> clang::CodeGen::CodeGenFunction::EmitStmt(clang::Stmt const*)
>> (/mnt/b/sanitizer-buildbot2/sanitizer-x86_64-linux-bootstrap/build/llvm_build0/bin/clang-5.0+0x2147435)
>> #27 0x000000000227d4cc
>> clang::CodeGen::CodeGenFunction::EmitDestructorBody(clang::CodeGen::FunctionArgList&)
>> (/mnt/b/sanitizer-buildbot2/sanitizer-x86_64-linux-bootstrap/build/llvm_build0/bin/clang-5.0+0x227d4cc)
>> #28 0x0000000002185ceb
>> clang::CodeGen::CodeGenFunction::GenerateCode(clang::GlobalDecl,
>> llvm::Function*, clang::CodeGen::CGFunctionInfo const&)
>> (/mnt/b/sanitizer-buildbot2/sanitizer-x86_64-linux-bootstrap/build/llvm_build0/bin/clang-5.0+0x2185ceb)
>> #29 0x000000000224e2f8
>> clang::CodeGen::CodeGenModule::codegenCXXStructor(clang::CXXMethodDecl
>> const*, clang::CodeGen::StructorType)
>> (/mnt/b/sanitizer-buildbot2/sanitizer-x86_64-linux-bootstrap/build/llvm_build0/bin/clang-5.0+0x224e2f8)
>> #30 0x00000000021e8eb2 (anonymous
>> namespace)::ItaniumCXXABI::emitCXXStructor(clang::CXXMethodDecl
>> const*, clang::CodeGen::StructorType)
>> (/mnt/b/sanitizer-buildbot2/sanitizer-x86_64-linux-bootstrap/build/llvm_build0/bin/clang-5.0+0x21e8eb2)
>> #31 0x00000000021b626d
>> clang::CodeGen::CodeGenModule::EmitGlobalDefinition(clang::GlobalDecl,
>> llvm::GlobalValue*)
>> (/mnt/b/sanitizer-buildbot2/sanitizer-x86_64-linux-bootstrap/build/llvm_build0/bin/clang-5.0+0x21b626d)
>> #32 0x00000000021b64cc clang::CodeGen::CodeGenModule::EmitDeferred()
>> (/mnt/b/sanitizer-buildbot2/sanitizer-x86_64-linux-bootstrap/build/llvm_build0/bin/clang-5.0+0x21b64cc)
>> #33 0x00000000021b64e6 clang::CodeGen::CodeGenModule::EmitDeferred()
>> (/mnt/b/sanitizer-buildbot2/sanitizer-x86_64-linux-bootstrap/build/llvm_build0/bin/clang-5.0+0x21b64e6)
>> #34 0x00000000021b6684 clang::CodeGen::CodeGenModule::Release()
>> (/mnt/b/sanitizer-buildbot2/sanitizer-x86_64-linux-bootstrap/build/llvm_build0/bin/clang-5.0+0x21b6684)
>> #35 0x00000000027bfd37 (anonymous
>> namespace)::CodeGeneratorImpl::HandleTranslationUnit(clang::ASTContext&)
>> (/mnt/b/sanitizer-buildbot2/sanitizer-x86_64-linux-bootstrap/build/llvm_build0/bin/clang-5.0+0x27bfd37)
>> #36 0x00000000027be875
>> clang::BackendConsumer::HandleTranslationUnit(clang::ASTContext&)
>> (/mnt/b/sanitizer-buildbot2/sanitizer-x86_64-linux-bootstrap/build/llvm_build0/bin/clang-5.0+0x27be875)
>> #37 0x0000000002b5c578 clang::ParseAST(clang::Sema&, bool, bool)
>> (/mnt/b/sanitizer-buildbot2/sanitizer-x86_64-linux-bootstrap/build/llvm_build0/bin/clang-5.0+0x2b5c578)
>> #38 0x00000000027bdb5a clang::CodeGenAction::ExecuteAction()
>> (/mnt/b/sanitizer-buildbot2/sanitizer-x86_64-linux-bootstrap/build/llvm_build0/bin/clang-5.0+0x27bdb5a)
>> #39 0x000000000248e3f6 clang::FrontendAction::Execute()
>> (/mnt/b/sanitizer-buildbot2/sanitizer-x86_64-linux-bootstrap/build/llvm_build0/bin/clang-5.0+0x248e3f6)
>> #40 0x0000000002460d46
>> clang::CompilerInstance::ExecuteAction(clang::FrontendAction&)
>> (/mnt/b/sanitizer-buildbot2/sanitizer-x86_64-linux-bootstrap/build/llvm_build0/bin/clang-5.0+0x2460d46)
>> #41 0x000000000251658a
>> clang::ExecuteCompilerInvocation(clang::CompilerInstance*)
>> (/mnt/b/sanitizer-buildbot2/sanitizer-x86_64-linux-bootstrap/build/llvm_build0/bin/clang-5.0+0x251658a)
>> #42 0x0000000000a6e328 cc1_main(llvm::ArrayRef<char const*>, char
>> const*, void*) (/mnt/b/sanitizer-buildbot2/sanitizer-x86_64-linux-bootstrap/build/llvm_build0/bin/clang-5.0+0xa6e328)
>> #43 0x0000000000a028cc main
>> (/mnt/b/sanitizer-buildbot2/sanitizer-x86_64-linux-bootstrap/build/llvm_build0/bin/clang-5.0+0xa028cc)
>>
>> On Wed, Mar 8, 2017 at 9:38 AM, Vedant Kumar via cfe-commits
>> <cfe-commits at lists.llvm.org> wrote:
>>> Author: vedantk
>>> Date: Wed Mar  8 11:38:57 2017
>>> New Revision: 297298
>>>
>>> URL: http://llvm.org/viewvc/llvm-project?rev=297298&view=rev
>>> Log:
>>> [ubsan] Detect UB loads from bitfields
>>>
>>> It's possible to load out-of-range values from bitfields backed by a
>>> boolean or an enum. Check for UB loads from bitfields.
>>>
>>> This is the motivating example:
>>>
>>>  struct S {
>>>    BOOL b : 1; // Signed ObjC BOOL.
>>>  };
>>>
>>>  S s;
>>>  s.b = 1; // This is actually stored as -1.
>>>  if (s.b == 1) // Evaluates to false, -1 != 1.
>>>    ...
>>>
>>> Differential Revision: https://reviews.llvm.org/D30423
>>>
>>> Added:
>>>    cfe/trunk/test/CodeGenCXX/ubsan-bitfields.cpp
>>> Modified:
>>>    cfe/trunk/lib/CodeGen/CGAtomic.cpp
>>>    cfe/trunk/lib/CodeGen/CGExpr.cpp
>>>    cfe/trunk/lib/CodeGen/CodeGenFunction.h
>>>    cfe/trunk/test/CodeGenObjC/ubsan-bool.m
>>>
>>> Modified: cfe/trunk/lib/CodeGen/CGAtomic.cpp
>>> URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/CodeGen/CGAtomic.cpp?rev=297298&r1=297297&r2=297298&view=diff
>>> ==============================================================================
>>> --- cfe/trunk/lib/CodeGen/CGAtomic.cpp (original)
>>> +++ cfe/trunk/lib/CodeGen/CGAtomic.cpp Wed Mar  8 11:38:57 2017
>>> @@ -1181,7 +1181,7 @@ RValue AtomicInfo::convertAtomicTempToRV
>>>   if (LVal.isBitField())
>>>     return CGF.EmitLoadOfBitfieldLValue(
>>>         LValue::MakeBitfield(addr, LVal.getBitFieldInfo(), LVal.getType(),
>>> -                             LVal.getAlignmentSource()));
>>> +                             LVal.getAlignmentSource()), loc);
>>>   if (LVal.isVectorElt())
>>>     return CGF.EmitLoadOfLValue(
>>>         LValue::MakeVectorElt(addr, LVal.getVectorIdx(), LVal.getType(),
>>>
>>> Modified: cfe/trunk/lib/CodeGen/CGExpr.cpp
>>> URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/CodeGen/CGExpr.cpp?rev=297298&r1=297297&r2=297298&view=diff
>>> ==============================================================================
>>> --- cfe/trunk/lib/CodeGen/CGExpr.cpp (original)
>>> +++ cfe/trunk/lib/CodeGen/CGExpr.cpp Wed Mar  8 11:38:57 2017
>>> @@ -1549,10 +1549,11 @@ RValue CodeGenFunction::EmitLoadOfLValue
>>>     return EmitLoadOfGlobalRegLValue(LV);
>>>
>>>   assert(LV.isBitField() && "Unknown LValue type!");
>>> -  return EmitLoadOfBitfieldLValue(LV);
>>> +  return EmitLoadOfBitfieldLValue(LV, Loc);
>>> }
>>>
>>> -RValue CodeGenFunction::EmitLoadOfBitfieldLValue(LValue LV) {
>>> +RValue CodeGenFunction::EmitLoadOfBitfieldLValue(LValue LV,
>>> +                                                 SourceLocation Loc) {
>>>   const CGBitFieldInfo &Info = LV.getBitFieldInfo();
>>>
>>>   // Get the output type.
>>> @@ -1577,7 +1578,7 @@ RValue CodeGenFunction::EmitLoadOfBitfie
>>>                               "bf.clear");
>>>   }
>>>   Val = Builder.CreateIntCast(Val, ResLTy, Info.IsSigned, "bf.cast");
>>> -
>>> +  EmitScalarRangeCheck(Val, LV.getType(), Loc);
>>>   return RValue::get(Val);
>>> }
>>>
>>>
>>> Modified: cfe/trunk/lib/CodeGen/CodeGenFunction.h
>>> URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/CodeGen/CodeGenFunction.h?rev=297298&r1=297297&r2=297298&view=diff
>>> ==============================================================================
>>> --- cfe/trunk/lib/CodeGen/CodeGenFunction.h (original)
>>> +++ cfe/trunk/lib/CodeGen/CodeGenFunction.h Wed Mar  8 11:38:57 2017
>>> @@ -2943,7 +2943,7 @@ public:
>>>   /// rvalue, returning the rvalue.
>>>   RValue EmitLoadOfLValue(LValue V, SourceLocation Loc);
>>>   RValue EmitLoadOfExtVectorElementLValue(LValue V);
>>> -  RValue EmitLoadOfBitfieldLValue(LValue LV);
>>> +  RValue EmitLoadOfBitfieldLValue(LValue LV, SourceLocation Loc);
>>>   RValue EmitLoadOfGlobalRegLValue(LValue LV);
>>>
>>>   /// EmitStoreThroughLValue - Store the specified rvalue into the specified
>>>
>>> Added: cfe/trunk/test/CodeGenCXX/ubsan-bitfields.cpp
>>> URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/CodeGenCXX/ubsan-bitfields.cpp?rev=297298&view=auto
>>> ==============================================================================
>>> --- cfe/trunk/test/CodeGenCXX/ubsan-bitfields.cpp (added)
>>> +++ cfe/trunk/test/CodeGenCXX/ubsan-bitfields.cpp Wed Mar  8 11:38:57 2017
>>> @@ -0,0 +1,21 @@
>>> +// RUN: %clang_cc1 -std=c++11 -triple x86_64-apple-darwin10 -emit-llvm -o - %s -fsanitize=enum | FileCheck %s
>>> +
>>> +enum E {
>>> +  a = 1,
>>> +  b = 2,
>>> +  c = 3
>>> +};
>>> +
>>> +struct S {
>>> +  E e1 : 10;
>>> +};
>>> +
>>> +// CHECK-LABEL: define i32 @_Z4loadP1S
>>> +E load(S *s) {
>>> +  // CHECK: [[LOAD:%.*]] = load i16, i16* {{.*}}
>>> +  // CHECK: [[CLEAR:%.*]] = and i16 [[LOAD]], 1023
>>> +  // CHECK: [[CAST:%.*]] = zext i16 [[CLEAR]] to i32
>>> +  // CHECK: icmp ule i32 [[CAST]], 3, !nosanitize
>>> +  // CHECK: call void @__ubsan_handle_load_invalid_value
>>> +  return s->e1;
>>> +}
>>>
>>> Modified: cfe/trunk/test/CodeGenObjC/ubsan-bool.m
>>> URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/CodeGenObjC/ubsan-bool.m?rev=297298&r1=297297&r2=297298&view=diff
>>> ==============================================================================
>>> --- cfe/trunk/test/CodeGenObjC/ubsan-bool.m (original)
>>> +++ cfe/trunk/test/CodeGenObjC/ubsan-bool.m Wed Mar  8 11:38:57 2017
>>> @@ -1,5 +1,5 @@
>>> -// RUN: %clang_cc1 -x objective-c -emit-llvm -triple x86_64-apple-macosx10.10.0 -fsanitize=bool %s -o - | FileCheck %s -check-prefixes=SHARED,OBJC
>>> -// RUN: %clang_cc1 -x objective-c++ -emit-llvm -triple x86_64-apple-macosx10.10.0 -fsanitize=bool %s -o - | FileCheck %s -check-prefixes=SHARED,OBJC
>>> +// RUN: %clang_cc1 -x objective-c -emit-llvm -triple x86_64-apple-macosx10.10.0 -fsanitize=bool %s -o - -w | FileCheck %s -check-prefixes=SHARED,OBJC
>>> +// RUN: %clang_cc1 -x objective-c++ -emit-llvm -triple x86_64-apple-macosx10.10.0 -fsanitize=bool %s -o - -w | FileCheck %s -check-prefixes=SHARED,OBJC
>>> // RUN: %clang_cc1 -x c -emit-llvm -triple x86_64-apple-macosx10.10.0 -fsanitize=bool %s -o - | FileCheck %s -check-prefixes=SHARED,C
>>>
>>> typedef signed char BOOL;
>>> @@ -10,4 +10,57 @@ BOOL f1() {
>>>   // C-NOT: call void @__ubsan_handle_load_invalid_value
>>>   BOOL a = 2;
>>>   return a + 1;
>>> +  // SHARED: ret i8
>>> }
>>> +
>>> +struct S1 {
>>> +  BOOL b1 : 1;
>>> +};
>>> +
>>> +// SHARED-LABEL: f2
>>> +BOOL f2(struct S1 *s) {
>>> +  // OBJC: [[LOAD:%.*]] = load i8, i8* {{.*}}
>>> +  // OBJC: [[SHL:%.*]] = shl i8 [[LOAD]], 7
>>> +  // OBJC: [[ASHR:%.*]] = ashr i8 [[SHL]], 7
>>> +  // OBJC: icmp ule i8 [[ASHR]], 1, !nosanitize
>>> +  // OBJC: call void @__ubsan_handle_load_invalid_value
>>> +
>>> +  // C-NOT: call void @__ubsan_handle_load_invalid_value
>>> +  return s->b1;
>>> +  // SHARED: ret i8
>>> +}
>>> +
>>> +#ifdef __OBJC__
>>> + at interface I1 {
>>> + at public
>>> +  BOOL b1 : 1;
>>> +}
>>> + at property (nonatomic) BOOL b1;
>>> + at end
>>> + at implementation I1
>>> + at synthesize b1;
>>> + at end
>>> +
>>> +// Check the synthesized getter.
>>> +// OBJC-LABEL: define internal signext i8 @"\01-[I1 b1]"
>>> +// OBJC: [[IVAR:%.*]] = load i64, i64* @"OBJC_IVAR_$_I1.b1"
>>> +// OBJC: [[ADDR:%.*]] = getelementptr inbounds i8, i8* {{.*}}, i64 [[IVAR]]
>>> +// OBJC: [[LOAD:%.*]] = load i8, i8* {{.*}}
>>> +// OBJC: [[SHL:%.*]] = shl i8 [[LOAD]], 7
>>> +// OBJC: [[ASHR:%.*]] = ashr i8 [[SHL]], 7
>>> +// OBJC: icmp ule i8 [[ASHR]], 1, !nosanitize
>>> +// OBJC: call void @__ubsan_handle_load_invalid_value
>>> +
>>> +// Also check direct accesses to the ivar.
>>> +// OBJC-LABEL: f3
>>> +BOOL f3(I1 *i) {
>>> +  // OBJC: [[LOAD:%.*]] = load i8, i8* {{.*}}
>>> +  // OBJC: [[SHL:%.*]] = shl i8 [[LOAD]], 7
>>> +  // OBJC: [[ASHR:%.*]] = ashr i8 [[SHL]], 7
>>> +  // OBJC: icmp ule i8 [[ASHR]], 1, !nosanitize
>>> +  // OBJC: call void @__ubsan_handle_load_invalid_value
>>> +
>>> +  return i->b1;
>>> +  // OBJC: ret i8
>>> +}
>>> +#endif /* __OBJC__ */
>>>
>>>
>>> _______________________________________________
>>> cfe-commits mailing list
>>> cfe-commits at lists.llvm.org
>>> http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
>

More information about the cfe-commits mailing list