<div dir="ltr">Hi Vedant,<div><br></div><div>This commit has caused a compiler crash in our stage 2 green dragon ASAN+Ubsan bot (<a href="http://lab.llvm.org:8080/green/job/clang-stage2-cmake-RgSan_build/">http://lab.llvm.org:8080/green/job/clang-stage2-cmake-RgSan_build/</a>). I have reverted it in r293475. The following example reproduces the crash with -fsanitize=undefined :</div><div><div><br></div><div> typedef unsigned long long uint64_t;</div><div> typedef signed long long int64_t;</div><div><br></div><div> uint64_t foo(int64_t x, unsigned i) {</div><div> return x << i;</div><div> }</div></div><div><br></div><div>Alex</div><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On 27 January 2017 at 23:02, Vedant Kumar via cfe-commits <span dir="ltr"><<a href="mailto:cfe-commits@lists.llvm.org" target="_blank">cfe-commits@lists.llvm.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Author: vedantk<br>
Date: Fri Jan 27 17:02:44 2017<br>
New Revision: 293343<br>
<br>
URL: <a href="http://llvm.org/viewvc/llvm-project?rev=293343&view=rev" rel="noreferrer" target="_blank">http://llvm.org/viewvc/llvm-<wbr>project?rev=293343&view=rev</a><br>
Log:<br>
[ubsan] Sanity-check shift amounts before truncation (fixes PR27271)<br>
<br>
Ubsan does not report UB shifts in some cases where the shift exponent<br>
needs to be truncated to match the type of the shift base. We perform a<br>
range check on the truncated shift amount, leading to false negatives.<br>
<br>
Fix the issue (PR27271) by performing the range check on the original<br>
shift amount.<br>
<br>
Differential Revision: <a href="https://reviews.llvm.org/D29234" rel="noreferrer" target="_blank">https://reviews.llvm.org/<wbr>D29234</a><br>
<br>
Added:<br>
cfe/trunk/test/CodeGen/ubsan-<wbr>shift.c<br>
Modified:<br>
cfe/trunk/lib/CodeGen/<wbr>CGExprScalar.cpp<br>
<br>
Modified: cfe/trunk/lib/CodeGen/<wbr>CGExprScalar.cpp<br>
URL: <a href="http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/CodeGen/CGExprScalar.cpp?rev=293343&r1=293342&r2=293343&view=diff" rel="noreferrer" target="_blank">http://llvm.org/viewvc/llvm-<wbr>project/cfe/trunk/lib/CodeGen/<wbr>CGExprScalar.cpp?rev=293343&<wbr>r1=293342&r2=293343&view=diff</a><br>
==============================<wbr>==============================<wbr>==================<br>
--- cfe/trunk/lib/CodeGen/<wbr>CGExprScalar.cpp (original)<br>
+++ cfe/trunk/lib/CodeGen/<wbr>CGExprScalar.cpp Fri Jan 27 17:02:44 2017<br>
@@ -2751,8 +2751,8 @@ Value *ScalarExprEmitter::EmitShl(<wbr>const<br>
isa<llvm::IntegerType>(Ops.<wbr>LHS->getType())) {<br>
CodeGenFunction::<wbr>SanitizerScope SanScope(&CGF);<br>
SmallVector<std::pair<Value *, SanitizerMask>, 2> Checks;<br>
- llvm::Value *WidthMinusOne = GetWidthMinusOneValue(Ops.LHS, RHS);<br>
- llvm::Value *ValidExponent = Builder.CreateICmpULE(RHS, WidthMinusOne);<br>
+ llvm::Value *WidthMinusOne = GetWidthMinusOneValue(Ops.LHS, Ops.RHS);<br>
+ llvm::Value *ValidExponent = Builder.CreateICmpULE(Ops.RHS, WidthMinusOne);<br>
<br>
if (SanitizeExponent) {<br>
Checks.push_back(<br>
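</blockquote><div>Review bot: WidthMinusOne is now built from Ops.RHS in the first changed line, so it takes the exponent's original type instead of the type of the promoted RHS. Any use of WidthMinusOne past the lines shown here that combines it with RHS or Ops.LHS needs checking for a width mismatch when the two operand types differ. The reproducer in the reply above (an int64_t base shifted by an unsigned exponent) has exactly that shape. Consider giving the exponent comparison on Ops.RHS its own value and leaving WidthMinusOne derived from RHS for the rest of the block.</div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">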
<br>
Added: cfe/trunk/test/CodeGen/ubsan-<wbr>shift.c<br>
URL: <a href="http://llvm.org/viewvc/llvm-project/cfe/trunk/test/CodeGen/ubsan-shift.c?rev=293343&view=auto" rel="noreferrer" target="_blank">http://llvm.org/viewvc/llvm-<wbr>project/cfe/trunk/test/<wbr>CodeGen/ubsan-shift.c?rev=<wbr>293343&view=auto</a><br>
==============================<wbr>==============================<wbr>==================<br>
--- cfe/trunk/test/CodeGen/ubsan-<wbr>shift.c (added)<br>
+++ cfe/trunk/test/CodeGen/ubsan-<wbr>shift.c Fri Jan 27 17:02:44 2017<br>
@@ -0,0 +1,29 @@<br>
+// RUN: %clang_cc1 -triple=x86_64-apple-darwin -fsanitize=shift-exponent -emit-llvm %s -o - | FileCheck %s<br>
+<br>
+// CHECK-LABEL: define i32 @f1<br>
+int f1(int c, int shamt) {<br>
+// CHECK: icmp ule i32 %{{.*}}, 31, !nosanitize<br>
+// CHECK: icmp ule i32 %{{.*}}, 31, !nosanitize<br>
+ return 1 << (c << shamt);<br>
+}<br>
+<br>
+// CHECK-LABEL: define i32 @f2<br>
+int f2(long c, int shamt) {<br>
+// CHECK: icmp ule i32 %{{.*}}, 63, !nosanitize<br>
+// CHECK: icmp ule i64 %{{.*}}, 31, !nosanitize<br>
+ return 1 << (c << shamt);<br>
+}<br>
+<br>
+// CHECK-LABEL: define i32 @f3<br>
+unsigned f3(unsigned c, int shamt) {<br>
+// CHECK: icmp ule i32 %{{.*}}, 31, !nosanitize<br>
+// CHECK: icmp ule i32 %{{.*}}, 31, !nosanitize<br>
+ return 1U << (c << shamt);<br>
+}<br>
+<br>
+// CHECK-LABEL: define i32 @f4<br>
+unsigned f4(unsigned long c, int shamt) {<br>
+// CHECK: icmp ule i32 %{{.*}}, 63, !nosanitize<br>
+// CHECK: icmp ule i64 %{{.*}}, 31, !nosanitize<br>
+ return 1U << (c << shamt);<br>
+}<br>
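</blockquote><div>Review bot: The RUN line enables only -fsanitize=shift-exponent, so f1 through f4 never exercise the changed exponent check together with the shift-base check. The inner shift in f2 (c &lt;&lt; shamt, a long base with an int exponent) has the same operand widths as the reproducer in the reply above, which was reported under -fsanitize=undefined. Consider adding a second RUN line with -fsanitize=shift, or a function that shifts a 64-bit signed value by a 32-bit amount under that flag.</div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">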
<br>
<br>
</blockquote></div><br></div>