<html><head><meta http-equiv="Content-Type" content="text/html; charset=us-ascii"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class=""><div dir="auto" style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class=""><div></div><div><br class=""></div><div><blockquote type="cite" class=""><div class="">On Jan 31, 2019, at 6:19 AM, Eric Liu <<a href="mailto:ioeric@google.com" class="">ioeric@google.com</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><div dir="ltr" class=""><div dir="ltr" class=""><div dir="ltr" class="">And the stack trace is:<div class="">```</div><div class=""><div class="">1.      <eof> parser at end of file                                                                                                                                                                       [31/1788]</div><div class="">2.      Code generation                                                                                                                                                                                            </div><div class="">3.      Running pass 'Function Pass Manager' on module 'absl/base/internal/<a href="http://throw_delegate.cc" class="">throw_delegate.cc</a>'.                                                                                                                     </div><div class="">4.      
Running pass 'X86 DAG->DAG Instruction Selection' on function '@_ZN4absl13base_internal18ThrowStdLogicErrorERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE'                                        </div><div class=""> #0 0x000055c42e7bce9d SignalHandler(int) (bin/clang+0x1aabe9d)                                              </div><div class=""> #1 0x00007f41b11309a0 __restore_rt (/usr/grte/v4/lib64/libpthread.so.0+0xf9a0)                                                                                                                                    </div><div class=""> #2 0x000055c42fe10b5b findUnwindDestinations(llvm::FunctionLoweringInfo&, llvm::BasicBlock const*, llvm::BranchProbability, llvm::SmallVectorImpl<std::__g::pair<llvm::MachineBasicBlock*, llvm::BranchProbability</div><div class="">> >&) (bin/clang+0x30ffb5b)</div><div class=""> #3 0x000055c42fe0b49a llvm::SelectionDAGBuilder::visitInvoke(llvm::InvokeInst const&) (bin/clang+0x30fa49a)</div><div class=""> #4 0x000055c4308a8a2f llvm::SelectionDAGBuilder::visit(llvm::Instruction const&) (bin/clang+0x3b97a2f)</div><div class=""> #5 0x000055c430878aa5 llvm::SelectionDAGISel::SelectBasicBlock(llvm::ilist_iterator<llvm::ilist_detail::node_options<llvm::Instruction, false, false, void>, false, true>, llvm::ilist_iterator<llvm::ilist_detail</div><div class="">::node_options<llvm::Instruction, false, false, void>, false, true>, bool&) (bin/clang+0x3b67aa5)</div><div class=""> #6 0x000055c4308768ed llvm::SelectionDAGISel::SelectAllBasicBlocks(llvm::Function const&) (bin/clang+0x3b658</div><div class="">ed)</div><div class=""> #7 0x000055c43087354a llvm::SelectionDAGISel::runOnMachineFunction(llvm::MachineFunction&) (bin/clang+0x3b62</div><div class="">54a)</div><div class=""> #8 0x000055c43086d1da (anonymous namespace)::X86DAGToDAGISel::runOnMachineFunction(llvm::MachineFunction&) (</div><div class="">bin/clang+0x3b5c1da)</div><div class=""> #9 0x000055c4309eb833 
llvm::MachineFunctionPass::runOnFunction(llvm::Function&) (bin/clang+0x3cda833)</div><div class="">#10 0x000055c43070edbe llvm::FPPassManager::runOnFunction(llvm::Function&) (bin/clang+0x39fddbe)</div><div class="">#11 0x000055c430711521 llvm::FPPassManager::runOnModule(llvm::Module&) (bin/clang+0x3a00521)</div><div class="">#12 0x000055c42e4a6f7f llvm::legacy::PassManagerImpl::run(llvm::Module&) (bin/clang+0x1795f7f)</div><div class="">#13 0x000055c42e7d9594 clang::EmitBackendOutput(clang::DiagnosticsEngine&, clang::HeaderSearchOptions const&, clang::CodeGenOptions const&, clang::TargetOptions const&, clang::LangOptions const&, llvm::DataLayou</div><div class="">t const&, llvm::Module*, clang::BackendAction, std::__g::unique_ptr<llvm::raw_pwrite_stream, std::__g::default_delete<llvm::raw_pwrite_stream> >) (bin/clang+0x1ac8594)</div><div class="">#14 0x000055c42e7a4d8c clang::BackendConsumer::HandleTranslationUnit(clang::ASTContext&) (bin/clang+0x1a93d8c</div><div class="">)</div><div class="">#15 0x000055c42e6499b6 clang::ParseAST(clang::Sema&, bool, bool) (bin/clang+0x19389b6)</div><div class="">#16 0x000055c42e7a8b37 clang::FrontendAction::Execute() (bin/clang+0x1a97b37)</div><div class="">#17 0x000055c42e7ae75f clang::CompilerInstance::ExecuteAction(clang::FrontendAction&) (bin/clang+0x1a9d75f)</div><div class="">#18 0x000055c42e796cfb clang::ExecuteCompilerInvocation(clang::CompilerInstance*) (bin/clang+0x1a85cfb)</div><div class="">#19 0x000055c42e791071 cc1_main(llvm::ArrayRef<char const*>, char const*, void*) (bin/clang+0x1a80071)</div><div class="">#20 0x000055c42e5c019e main (bin/clang+0x18af19e)</div><div class="">#21 0x00007f41b0e9ebbd __libc_start_main (/usr/grte/v4/lib64/libc.so.6+0x38bbd)</div><div class="">#22 0x000055c42e6d44a9 _start (bin/clang+0x19c34a9)</div><div class="">clang: error: unable to execute command: Segmentation fault</div><div class="">clang: error: clang frontend command failed due to signal (use -v to see 
invocation)</div></div><div class="">```</div></div></div></div><br class=""><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Thu, Jan 31, 2019 at 3:11 PM Eric Liu <<a href="mailto:ioeric@google.com" class="">ioeric@google.com</a>> wrote:<br class=""></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr" class=""><div dir="ltr" class=""><div dir="ltr" class=""><div class="">I managed to get a reproducer (attached) from absl:</div><div class="">```</div><div dir="ltr" class="">clang++ -std=c++17  -fsanitize=address,unreachable throw_delegate.pic.ii<br class=""></div><div dir="ltr" class="">```</div><div dir="ltr" class=""><br class=""></div><div class="">You could regenerate the preprocessed code:</div><div dir="ltr" class="">```</div><div class="">git clone <a href="https://github.com/abseil/abseil-cpp.git" target="_blank" class="">https://github.com/abseil/abseil-cpp.git</a><br class=""></div><div class="">cd abseil-cpp/absl</div><div class="">bazel build --compilation_mode=fastbuild --save_temps --compile_one_dependency base/internal/<a href="http://throw_delegate.cc" class="">throw_delegate.cc</a><br class=""></div><div class="">```</div><div class=""><br class=""></div><div class="">I'll revert the commit to unblock our integration process. Let us know if you need more information.</div><div class=""><br class=""></div><div class="">- Eric</div></div></div></div><br class=""><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Thu, Jan 31, 2019 at 9:01 AM Eric Christopher <<a href="mailto:echristo@gmail.com" target="_blank" class="">echristo@gmail.com</a>> wrote:<br class=""></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr" class="">Looks like this broke optimized asan builds via an assert in SCCP. 
I'll see what I can do about a testcase (or Eric will), however, would you mind reverting in the meantime?<div class=""><br class=""></div><div class="">Thanks!</div><div class=""><br class=""></div><div class="">-eric<br class=""><br class=""><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Wed, Jan 30, 2019 at 4:41 PM Julian Lettner via cfe-commits <<a href="mailto:cfe-commits@lists.llvm.org" target="_blank" class="">cfe-commits@lists.llvm.org</a>> wrote:<br class=""></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Author: yln<br class="">
Date: Wed Jan 30 15:42:13 2019<br class="">
New Revision: 352690<br class="">
<br class="">
URL: <a href="http://llvm.org/viewvc/llvm-project?rev=352690&view=rev" rel="noreferrer" target="_blank" class="">http://llvm.org/viewvc/llvm-project?rev=352690&view=rev</a><br class="">
Log:<br class="">
[Sanitizers] UBSan unreachable incompatible with ASan in the presence of `noreturn` calls<br class="">
<br class="">
Summary:<br class="">
UBSan wants to detect when unreachable code is actually reached, so it<br class="">
adds instrumentation before every unreachable instruction. However, the<br class="">
optimizer will remove code after calls to functions marked with<br class="">
noreturn. To avoid this UBSan removes noreturn from both the call<br class="">
instruction as well as from the function itself. Unfortunately, ASan<br class="">
relies on this annotation to unpoison the stack by inserting calls to<br class="">
__asan_handle_no_return before noreturn functions. This is important for<br class="">
functions that do not return but access the stack memory, e.g.,<br class="">
unwinder functions *like* longjmp (longjmp itself is actually<br class="">
"double-proofed" via its interceptor). The result is that when ASan and<br class="">
UBSan are combined, the noreturn attributes are missing and ASan cannot<br class="">
unpoison the stack, so it has false positives when stack unwinding is<br class="">
used.<br class="">
<br class="">
Changes:<br class="">
Clang-CodeGen now directly inserts calls to `__asan_handle_no_return`<br class="">
when a call to a noreturn function is encountered and both<br class="">
UBSan-unreachable and ASan are enabled. This allows UBSan to continue<br class="">
removing the noreturn attribute from functions without any changes to<br class="">
the ASan pass.<br class="">
<br class="">
Previously generated code:<br class="">
```<br class="">
  call void @longjmp<br class="">
  call void @__asan_handle_no_return<br class="">
  call void @__ubsan_handle_builtin_unreachable<br class="">
```<br class="">
<br class="">
Generated code (for now):<br class="">
```<br class="">
  call void @__asan_handle_no_return<br class="">
  call void @longjmp<br class="">
  call void @__asan_handle_no_return<br class="">
  call void @__ubsan_handle_builtin_unreachable<br class="">
```<br class="">
<br class="">
<a href="rdar://problem/40723397" class="">rdar://problem/40723397</a><br class="">
<br class="">
Reviewers: delcypher, eugenis, vsk<br class="">
<br class="">
Differential Revision: <a href="https://reviews.llvm.org/D57278" rel="noreferrer" target="_blank" class="">https://reviews.llvm.org/D57278</a><br class="">
<br class="">
Added:<br class="">
    cfe/trunk/test/CodeGen/ubsan-asan-noreturn.c<br class="">
Modified:<br class="">
    cfe/trunk/lib/CodeGen/CGCall.cpp<br class="">
    cfe/trunk/lib/CodeGen/CodeGenFunction.h<br class="">
    cfe/trunk/test/CodeGenCXX/ubsan-unreachable.cpp<br class="">
<br class="">
Modified: cfe/trunk/lib/CodeGen/CGCall.cpp<br class="">
URL: <a href="http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/CodeGen/CGCall.cpp?rev=352690&r1=352689&r2=352690&view=diff" rel="noreferrer" target="_blank" class="">http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/CodeGen/CGCall.cpp?rev=352690&r1=352689&r2=352690&view=diff</a><br class="">
==============================================================================<br class="">
--- cfe/trunk/lib/CodeGen/CGCall.cpp (original)<br class="">
+++ cfe/trunk/lib/CodeGen/CGCall.cpp Wed Jan 30 15:42:13 2019<br class="">
@@ -4398,10 +4398,23 @@ RValue CodeGenFunction::EmitCall(const C<br class="">
<br class="">
     // Strip away the noreturn attribute to better diagnose unreachable UB.<br class="">
     if (SanOpts.has(SanitizerKind::Unreachable)) {<br class="">
+      // Also remove from function since CI->hasFnAttr(..) also checks attributes<br class="">
+      // of the called function.<br class="">
       if (auto *F = CI->getCalledFunction())<br class="">
         F->removeFnAttr(llvm::Attribute::NoReturn);<br class="">
       CI->removeAttribute(llvm::AttributeList::FunctionIndex,<br class="">
                           llvm::Attribute::NoReturn);<br class="">
+<br class="">
+      // Avoid incompatibility with ASan which relies on the `noreturn`<br class="">
+      // attribute to insert handler calls.<br class="">
+      if (SanOpts.has(SanitizerKind::Address)) {<br class="">
+        SanitizerScope SanScope(this);<br class="">
+        Builder.SetInsertPoint(CI);<br class="">
+        auto *FnType = llvm::FunctionType::get(CGM.VoidTy, /*isVarArg=*/false);<br class="">
+        auto *Fn = CGM.CreateRuntimeFunction(FnType, "__asan_handle_no_return");<br class="">
+        EmitNounwindRuntimeCall(Fn);<br class="">
+        Builder.SetInsertPoint(CI->getParent());<br class="">
+      }<br class="">
     }<br class="">
<br class="">
     EmitUnreachable(Loc);<br class="">
<br class="">
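Review bot: In the new ASan block, `Builder.SetInsertPoint(CI->getParent())` assumes the builder was sitting at the end of CI's block before the handler call was inserted. If CI is a terminator such as an invoke, the builder had already moved to a different block, and the `EmitUnreachable(Loc)` that follows would be emitted into CI's block after its terminator. Save the previous insertion point and restore it (for example with IRBuilder's InsertPointGuard) instead of recomputing it from CI.<br class="">
<br class="">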
Modified: cfe/trunk/lib/CodeGen/CodeGenFunction.h<br class="">
URL: <a href="http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/CodeGen/CodeGenFunction.h?rev=352690&r1=352689&r2=352690&view=diff" rel="noreferrer" target="_blank" class="">http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/CodeGen/CodeGenFunction.h?rev=352690&r1=352689&r2=352690&view=diff</a><br class="">
==============================================================================<br class="">
--- cfe/trunk/lib/CodeGen/CodeGenFunction.h (original)<br class="">
+++ cfe/trunk/lib/CodeGen/CodeGenFunction.h Wed Jan 30 15:42:13 2019<br class="">
@@ -4084,8 +4084,8 @@ public:<br class="">
   /// passing to a runtime sanitizer handler.<br class="">
   llvm::Constant *EmitCheckSourceLocation(SourceLocation Loc);<br class="">
<br class="">
-  /// Create a basic block that will call a handler function in a<br class="">
-  /// sanitizer runtime with the provided arguments, and create a conditional<br class="">
+  /// Create a basic block that will either trap or call a handler function in<br class="">
+  /// the UBSan runtime with the provided arguments, and create a conditional<br class="">
   /// branch to it.<br class="">
   void EmitCheck(ArrayRef<std::pair<llvm::Value *, SanitizerMask>> Checked,<br class="">
                  SanitizerHandler Check, ArrayRef<llvm::Constant *> StaticArgs,<br class="">
<br class="">
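Review bot: The reworded doc comment on `EmitCheck` is unrelated to the ASan/UBSan noreturn fix described in the log. Split it into its own NFC commit so that a revert of the functional change does not also drop the documentation fix.<br class="">
<br class="">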
Added: cfe/trunk/test/CodeGen/ubsan-asan-noreturn.c<br class="">
URL: <a href="http://llvm.org/viewvc/llvm-project/cfe/trunk/test/CodeGen/ubsan-asan-noreturn.c?rev=352690&view=auto" rel="noreferrer" target="_blank" class="">http://llvm.org/viewvc/llvm-project/cfe/trunk/test/CodeGen/ubsan-asan-noreturn.c?rev=352690&view=auto</a><br class="">
==============================================================================<br class="">
--- cfe/trunk/test/CodeGen/ubsan-asan-noreturn.c (added)<br class="">
+++ cfe/trunk/test/CodeGen/ubsan-asan-noreturn.c Wed Jan 30 15:42:13 2019<br class="">
@@ -0,0 +1,21 @@<br class="">
+// Ensure compatiblity of UBSan unreachable with ASan in the presence of<br class="">
+// noreturn functions.<br class="">
+// RUN: %clang_cc1 -fsanitize=unreachable,address -triple x86_64-linux -emit-llvm -o - %s | FileCheck %s<br class="">
+<br class="">
+void my_longjmp(void) __attribute__((noreturn));<br class="">
+<br class="">
+// CHECK-LABEL: define void @calls_noreturn()<br class="">
+void calls_noreturn() {<br class="">
+  my_longjmp();<br class="">
+  // CHECK:      @__asan_handle_no_return{{.*}} !nosanitize<br class="">
+  // CHECK-NEXT: @my_longjmp(){{[^#]*}}<br class="">
+  // CHECK:      @__asan_handle_no_return()<br class="">
+  // CHECK-NEXT: @__ubsan_handle_builtin_unreachable{{.*}} !nosanitize<br class="">
+  // CHECK-NEXT: unreachable<br class="">
+}<br class="">
+<br class="">
+// CHECK: declare void @my_longjmp() [[FN_ATTR:#[0-9]+]]<br class="">
+// CHECK: declare void @__asan_handle_no_return()<br class="">
+<br class="">
+// CHECK-LABEL: attributes<br class="">
+// CHECK-NOT: [[FN_ATTR]] = { {{.*noreturn.*}} }<br class="">
<br class="">
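Review bot: `calls_noreturn` only exercises a plain call in C, so the case where the noreturn callee is reached through an invoke is not covered, and that is where inserting before CI and then resetting the insertion point is most fragile. Add a C++ case built with exceptions enabled in which the noreturn call sits in a scope that needs a cleanup, and check the same handler ordering there. Minor: "compatiblity" in the first comment line should be "compatibility".<br class="">
<br class="">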
Modified: cfe/trunk/test/CodeGenCXX/ubsan-unreachable.cpp<br class="">
URL: <a href="http://llvm.org/viewvc/llvm-project/cfe/trunk/test/CodeGenCXX/ubsan-unreachable.cpp?rev=352690&r1=352689&r2=352690&view=diff" rel="noreferrer" target="_blank" class="">http://llvm.org/viewvc/llvm-project/cfe/trunk/test/CodeGenCXX/ubsan-unreachable.cpp?rev=352690&r1=352689&r2=352690&view=diff</a><br class="">
==============================================================================<br class="">
--- cfe/trunk/test/CodeGenCXX/ubsan-unreachable.cpp (original)<br class="">
+++ cfe/trunk/test/CodeGenCXX/ubsan-unreachable.cpp Wed Jan 30 15:42:13 2019<br class="">
@@ -1,39 +1,37 @@<br class="">
 // RUN: %clang_cc1 -triple x86_64-apple-darwin10 -emit-llvm -o - %s -fsanitize=unreachable | FileCheck %s<br class="">
<br class="">
-extern void __attribute__((noreturn)) abort();<br class="">
+void abort() __attribute__((noreturn));<br class="">
<br class="">
-// CHECK-LABEL: define void @_Z14calls_noreturnv<br class="">
+// CHECK-LABEL: define void @_Z14calls_noreturnv()<br class="">
 void calls_noreturn() {<br class="">
+  // Check absence ([^#]*) of call site attributes (including noreturn)<br class="">
+  // CHECK: call void @_Z5abortv(){{[^#]*}}<br class="">
   abort();<br class="">
<br class="">
-  // Check that there are no attributes on the call site.<br class="">
-  // CHECK-NOT: call void @_Z5abortv{{.*}}#<br class="">
-<br class="">
   // CHECK: __ubsan_handle_builtin_unreachable<br class="">
   // CHECK: unreachable<br class="">
 }<br class="">
<br class="">
 struct A {<br class="">
-  // CHECK: declare void @_Z5abortv{{.*}} [[ABORT_ATTR:#[0-9]+]]<br class="">
+  // CHECK: declare void @_Z5abortv() [[EXTERN_FN_ATTR:#[0-9]+]]<br class="">
<br class="">
   // CHECK-LABEL: define linkonce_odr void @_ZN1A5call1Ev<br class="">
   void call1() {<br class="">
-    // CHECK-NOT: call void @_ZN1A16does_not_return2Ev{{.*}}#<br class="">
+    // CHECK: call void @_ZN1A16does_not_return2Ev({{.*}}){{[^#]*}}<br class="">
     does_not_return2();<br class="">
<br class="">
     // CHECK: __ubsan_handle_builtin_unreachable<br class="">
     // CHECK: unreachable<br class="">
   }<br class="">
<br class="">
-  // Test static members.<br class="">
-  static void __attribute__((noreturn)) does_not_return1() {<br class="">
-    // CHECK-NOT: call void @_Z5abortv{{.*}}#<br class="">
+  // Test static members. Checks are below after `struct A` scope ends.<br class="">
+  static void does_not_return1() __attribute__((noreturn)) {<br class="">
     abort();<br class="">
   }<br class="">
<br class="">
   // CHECK-LABEL: define linkonce_odr void @_ZN1A5call2Ev<br class="">
   void call2() {<br class="">
-    // CHECK-NOT: call void @_ZN1A16does_not_return1Ev{{.*}}#<br class="">
+    // CHECK: call void @_ZN1A16does_not_return1Ev(){{[^#]*}}<br class="">
     does_not_return1();<br class="">
<br class="">
     // CHECK: __ubsan_handle_builtin_unreachable<br class="">
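Review bot: The replacement `// CHECK: call void @_Z5abortv(){{[^#]*}}` does not check what its comment claims. FileCheck matches a substring of the line and `[^#]*` can match the empty string, so a call followed by an attribute group reference such as ` #3` still matches, whereas the removed `CHECK-NOT: call void @_Z5abortv{{.*}}#` rejected it. Anchor the regex to the end of the line, e.g. `{{[^#]*$}}`, here and in the other converted call-site checks in this file.<br class="">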
@@ -41,23 +39,23 @@ struct A {<br class="">
   }<br class="">
<br class="">
   // Test calls through pointers to non-static member functions.<br class="">
-  typedef void __attribute__((noreturn)) (A::*MemFn)();<br class="">
+  typedef void (A::*MemFn)() __attribute__((noreturn));<br class="">
<br class="">
   // CHECK-LABEL: define linkonce_odr void @_ZN1A5call3Ev<br class="">
   void call3() {<br class="">
     MemFn MF = &A::does_not_return2;<br class="">
+    // CHECK: call void %{{[0-9]+\(.*}}){{[^#]*}}<br class="">
     (this->*MF)();<br class="">
<br class="">
-    // CHECK-NOT: call void %{{.*}}#<br class="">
     // CHECK: __ubsan_handle_builtin_unreachable<br class="">
     // CHECK: unreachable<br class="">
   }<br class="">
<br class="">
   // Test regular members.<br class="">
   // CHECK-LABEL: define linkonce_odr void @_ZN1A16does_not_return2Ev({{.*}})<br class="">
-  // CHECK-SAME: [[DOES_NOT_RETURN_ATTR:#[0-9]+]]<br class="">
-  void __attribute__((noreturn)) does_not_return2() {<br class="">
-    // CHECK-NOT: call void @_Z5abortv(){{.*}}#<br class="">
+  // CHECK-SAME: [[USER_FN_ATTR:#[0-9]+]]<br class="">
+  void does_not_return2() __attribute__((noreturn)) {<br class="">
+    // CHECK: call void @_Z5abortv(){{[^#]*}}<br class="">
     abort();<br class="">
<br class="">
     // CHECK: call void @__ubsan_handle_builtin_unreachable<br class="">
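Review bot: In `call3`, `// CHECK: call void %{{[0-9]+\(.*}}){{[^#]*}}` puts the escaped opening parenthesis inside the regex block and the closing one outside it, which is hard to read, and `[0-9]+` ties the check to a numbered temporary. A form such as `call void %{{.*}}({{.*}})` with the trailing part anchored to the end of the line is easier to maintain.<br class="">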
@@ -68,7 +66,9 @@ struct A {<br class="">
   }<br class="">
 };<br class="">
<br class="">
-// CHECK: define linkonce_odr void @_ZN1A16does_not_return1Ev() [[DOES_NOT_RETURN_ATTR]]<br class="">
+// CHECK-LABEL: define linkonce_odr void @_ZN1A16does_not_return1Ev()<br class="">
+// CHECK-SAME: [[USER_FN_ATTR]]<br class="">
+// CHECK: call void @_Z5abortv(){{[^#]*}}<br class="">
<br class="">
 void force_irgen() {<br class="">
   A a;<br class="">
@@ -77,5 +77,7 @@ void force_irgen() {<br class="">
   a.call3();<br class="">
 }<br class="">
<br class="">
-// CHECK-NOT: [[ABORT_ATTR]] = {{[^}]+}}noreturn<br class="">
-// CHECK-NOT: [[DOES_NOT_RETURN_ATTR]] = {{[^}]+}}noreturn<br class="">
+// `noreturn` should be removed from functions and call sites<br class="">
+// CHECK-LABEL: attributes<br class="">
+// CHECK-NOT: [[USER_FN_ATTR]] = { {{.*noreturn.*}} }<br class="">
+// CHECK-NOT: [[EXTERN_FN_ATTR]] = { {{.*noreturn.*}} }<br class="">
<br class="">
<br class="">
</blockquote></div></div></div>
</blockquote></div>
</blockquote></div>
</div></blockquote></div><br class=""></div></body></html>