[ubsan] nonnull and returns_nonnull sanitization

Alexey Samsonov vonosmas at gmail.com
Tue Jul 1 16:35:41 PDT 2014


Sorry for the delay.

+Richard

I think we are interested in adding these checks to Clang. I'll try to take
a look at how hard it is to implement them in the frontend (it shouldn't be
so), and then work on landing your patch into compiler-rt. Thanks!


On Fri, Jun 27, 2014 at 12:33 AM, Jakub Jelinek <jakub at redhat.com> wrote:

> Hi!
>
> Yesterday I wrote undefined behavior sanitization for the nonnull and
> returns_nonnull attributes for GCC, see
> http://gcc.gnu.org/ml/gcc-patches/2014-06/msg02181.html
> Users ran into issues with calling e.g. memset with a NULL argument
> (and zero length), or similarly qsort; the C99 standard says that is
> undefined behavior.
> We are using the compiler-rt libubsan library and AFAIK clang also added
> the nonnull and returns_nonnull attributes, therefore I wonder if you are
> interested in accepting this into compiler-rt libubsan (and reserve
> -fsanitize=nonnull and -fsanitize=returns-nonnull for command line
> compatibility if you want).
>
> If there is no interest in these, we could perhaps add GCC owned files
> to libsanitize/ubsan/, but then the two libraries would start to diverge.
>
> --- compiler-rt/lib/ubsan/ubsan_handlers.h.jj   2013-11-12
> 19:35:28.899621282 +0100
> +++ compiler-rt/lib/ubsan/ubsan_handlers.h      2014-06-27
> 09:18:27.856015669 +0200
> @@ -121,6 +121,20 @@ RECOVERABLE(function_type_mismatch,
>              FunctionTypeMismatchData *Data,
>              ValueHandle Val)
>
> +struct NonNullArgData {
> +  SourceLocation Loc;
> +};
> +
> +/// \brief Handle passing null to function argument with nonnull
> attribute.
> +RECOVERABLE(nonnull_arg, NonNullArgData *Data, uptr ArgNo)
> +
> +struct NonNullRetData {
> +  SourceLocation Loc;
> +};
> +
> +/// \brief Handle returning null from function with returns_nonnull
> attribute.
> +RECOVERABLE(nonnull_return, NonNullRetData *Data)
> +
>  }
>
>  #endif // UBSAN_HANDLERS_H
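Review bot: NonNullArgData carries only `SourceLocation Loc;` while the argument index travels as a runtime `uptr ArgNo` parameter to `RECOVERABLE(nonnull_arg, NonNullArgData *Data, uptr ArgNo)`; the index is a compile-time constant at every instrumented call site, so it could live in the struct (e.g. `uptr ArgIndex;` next to `Loc`), which keeps the handler signature uniform with the Data-only handlers and saves an argument register per check. Either way, the `\brief` comments should say whether ArgNo is 0- or 1-based, since the attribute numbers parameters from 1 and the handler prints the value raw.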
> --- compiler-rt/lib/ubsan/ubsan_handlers.cc.jj  2013-11-12
> 19:35:28.954620998 +0100
> +++ compiler-rt/lib/ubsan/ubsan_handlers.cc     2014-06-27
> 09:18:27.856015669 +0200
> @@ -279,3 +279,31 @@ void __ubsan::__ubsan_handle_function_ty
>    __ubsan_handle_function_type_mismatch(Data, Function);
>    Die();
>  }
> +
> +void __ubsan::__ubsan_handle_nonnull_arg(NonNullArgData *Data, uptr
> ArgNo) {
> +  SourceLocation Loc = Data->Loc.acquire();
> +  if (Loc.isDisabled())
> +    return;
> +
> +  Diag(Loc, DL_Error, "null argument where non-null required "
> +                     "(argument %0)") << ArgNo;
> +}
> +
> +void __ubsan::__ubsan_handle_nonnull_arg_abort(NonNullArgData *Data,
> +                                              uptr ArgNo) {
> +  __ubsan::__ubsan_handle_nonnull_arg(Data, ArgNo);
> +  Die();
> +}
> +
> +void __ubsan::__ubsan_handle_nonnull_return(NonNullRetData *Data) {
> +  SourceLocation Loc = Data->Loc.acquire();
> +  if (Loc.isDisabled())
> +    return;
> +
> +  Diag(Loc, DL_Error, "null return value where non-null required");
> +}
> +
> +void __ubsan::__ubsan_handle_nonnull_return_abort(NonNullRetData *Data) {
> +  __ubsan::__ubsan_handle_nonnull_return(Data);
> +  Die();
> +}
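Review bot: `__ubsan_handle_nonnull_arg` prints `ArgNo` unchanged in "null argument where non-null required (argument %0)" without pinning down its basis, so a frontend that passes a 0-based index produces an off-by-one message; pick 1-based (matching the attribute) and document it. The patch also touches only the two runtime files and adds no test under test/ubsan exercising the recoverable and `_abort` entry points for both handlers; one is needed before this lands. The `Loc.acquire()` / `isDisabled()` handshake matches the existing handlers, which is good.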
>
>         Jakub
> _______________________________________________
> llvm-commits mailing list
> llvm-commits at cs.uiuc.edu
> http://lists.cs.uiuc.edu/mailman/listinfo/llvm-commits
>



-- 
Alexey Samsonov
vonosmas at gmail.com
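As an added illustration of what the thread is proposing (example code, not from Jakub's patch, GCC or compiler-rt): a hand-written C model of the checks the sanitizer would make the compiler emit. The check on the caller side guards a parameter declared nonnull, the check on the callee side guards every return of a function declared returns_nonnull, and the report functions stand in for the recoverable handlers in the patch (they count and print instead of calling Die()). `report_nonnull_arg`, `CHECK_NONNULL_ARG`, `checked_memset`, `checked_lookup_name` and the constructed name table are all invented for this example.

```c
/* Hand-written model of the runtime checks that -fsanitize=nonnull /
 * -fsanitize=returns-nonnull (as proposed in the thread) would make the
 * compiler emit. Added example; not code from the patch, GCC or compiler-rt.
 * All names here are invented for illustration. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for the per-check-site NonNullArgData / NonNullRetData. */
struct source_loc { const char *file; unsigned line; };

/* Counters make the checks observable without aborting the process: this is
 * the recoverable handler, not the *_abort one. */
static unsigned g_nonnull_arg_hits;
static unsigned g_nonnull_ret_hits;

unsigned nonnull_arg_hits(void) { return g_nonnull_arg_hits; }
unsigned nonnull_ret_hits(void) { return g_nonnull_ret_hits; }

static void report_nonnull_arg(struct source_loc loc, size_t argno) {
    ++g_nonnull_arg_hits;
    fprintf(stderr, "%s:%u: runtime error: null argument where non-null "
            "required (argument %zu)\n", loc.file, loc.line, argno);
}

static void report_nonnull_return(struct source_loc loc) {
    ++g_nonnull_ret_hits;
    fprintf(stderr, "%s:%u: runtime error: null return value where non-null "
            "required\n", loc.file, loc.line);
}

/* Caller-side check before a pointer is passed to a nonnull parameter.
 * argno is 1-based, matching how the attribute numbers parameters. */
#define CHECK_NONNULL_ARG(ptr, argno) \
    do { if ((ptr) == NULL) \
        report_nonnull_arg((struct source_loc){__FILE__, __LINE__}, (argno)); \
    } while (0)

/* Callee-side check on each return path of a returns_nonnull function. */
#define CHECK_NONNULL_RET(val) \
    do { if ((val) == NULL) \
        report_nonnull_return((struct source_loc){__FILE__, __LINE__}); \
    } while (0)

/* memset's destination is declared nonnull in libc headers; the string.h
 * rules in C99 (7.21.1) make a null pointer undefined even when n == 0,
 * the exact case the thread says users hit. */
void *checked_memset(void *dst, int c, size_t n) {
    CHECK_NONNULL_ARG(dst, 1);
    if (dst == NULL)          /* recovered: never hand NULL to memset */
        return NULL;
    return memset(dst, c, n);
}

/* A lookup whose contract is returns_nonnull (an unknown id is meant to be
 * a caller bug) but whose body can still let a NULL escape. */
static const char *lookup_name_impl(int id) {
    /* constructed sample table */
    static const char *const names[] = { "root", "daemon", "nobody" };
    if (id < 0 || id >= (int)(sizeof names / sizeof names[0]))
        return NULL;          /* the contract violation the check catches */
    return names[id];
}

const char *checked_lookup_name(int id) {
    const char *r = lookup_name_impl(id);
    CHECK_NONNULL_RET(r);
    return r;
}

int main(void) {
    char buf[8];
    checked_memset(buf, 0, sizeof buf);   /* fine: non-null destination */
    checked_memset(NULL, 0, 0);           /* reported: argument 1 is null */
    checked_lookup_name(2);               /* fine */
    checked_lookup_name(7);               /* reported: null return value */
    printf("nonnull_arg hits=%u, returns_nonnull hits=%u\n",
           nonnull_arg_hits(), nonnull_ret_hits());
    return 0;
}
```

The check has to sit on the caller side for arguments and on every return path for results because a compiler is entitled to assume a nonnull parameter is never null and to delete a `p == NULL` test inside the callee; an instrumented build must emit the check before that assumption is applied rather than after. The released compilers later shipped these checks as -fsanitize=nonnull-attribute and -fsanitize=returns-nonnull-attribute rather than the names floated in the thread.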