[compiler-rt] r352003 - [Sanitizers] UBSan unreachable incompatible with ASan in the presence of `noreturn` calls
Roman Lebedev via llvm-commits
llvm-commits at lists.llvm.org
Wed Jan 23 23:12:08 PST 2019
This doesn't seem to have gotten reviewed,
AND the lists weren't subscribed for the review.
This should likely be reverted.
On Thu, Jan 24, 2019 at 4:06 AM Julian Lettner via llvm-commits
<llvm-commits at lists.llvm.org> wrote:
>
> Author: yln
> Date: Wed Jan 23 17:06:19 2019
> New Revision: 352003
>
> URL: http://llvm.org/viewvc/llvm-project?rev=352003&view=rev
> Log:
> [Sanitizers] UBSan unreachable incompatible with ASan in the presence of `noreturn` calls
>
> Summary:
> UBSan wants to detect when unreachable code is actually reached, so it
> adds instrumentation before every `unreachable` instruction. However,
> the optimizer will remove code after calls to functions marked with
> `noreturn`. To avoid this UBSan removes `noreturn` from both the call
> instruction as well as from the function itself. Unfortunately, ASan
> relies on this annotation to unpoison the stack by inserting calls to
> `_asan_handle_no_return` before `noreturn` functions. This is important
> for functions that do not return but access the the stack memory, e.g.,
> unwinder functions *like* `longjmp` (`longjmp` itself is actually
> "double-proofed" via its interceptor). The result is that when ASan and
> UBSan are combined, the `noreturn` attributes are missing and ASan
> cannot unpoison the stack, so it has false positives when stack
> unwinding is used.
>
> Changes:
> # UBSan now adds the `expect_noreturn` attribute whenever it removes
> the `noreturn` attribute from a function
> # ASan additionally checks for the presence of this attribute
>
> Generated code:
> ```
> call void @__asan_handle_no_return // Additionally inserted to avoid false positives
> call void @longjmp
> call void @__asan_handle_no_return
> call void @__ubsan_handle_builtin_unreachable
> unreachable
> ```
>
> The second call to `__asan_handle_no_return` is redundant. This will be
> cleaned up in a follow-up patch.
>
> rdar://problem/40723397
>
> Reviewers: delcypher, eugenis
>
> Tags: #sanitizers
>
> Differential Revision: https://reviews.llvm.org/D56624
>
> Added:
> compiler-rt/trunk/test/ubsan/TestCases/Misc/unreachable_asan-compatibility.c
>
> Added: compiler-rt/trunk/test/ubsan/TestCases/Misc/unreachable_asan-compatibility.c
> URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/test/ubsan/TestCases/Misc/unreachable_asan-compatibility.c?rev=352003&view=auto
> ==============================================================================
> --- compiler-rt/trunk/test/ubsan/TestCases/Misc/unreachable_asan-compatibility.c (added)
> +++ compiler-rt/trunk/test/ubsan/TestCases/Misc/unreachable_asan-compatibility.c Wed Jan 23 17:06:19 2019
> @@ -0,0 +1,16 @@
> +// Ensure compatiblity of UBSan unreachable with ASan in the presence of
> +// noreturn functions
> +// RUN: %clang -O2 -fsanitize=address,unreachable %s -emit-llvm -S -o - | FileCheck %s
> +// REQUIRES: ubsan-asan
> +
> +void bar(void) __attribute__((noreturn));
> +
> +void foo() {
> + bar();
> +}
> +// CHECK-LABEL: define void @foo()
> +// CHECK: call void @__asan_handle_no_return
> +// CHECK-NEXT: call void @bar
> +// CHECK-NEXT: call void @__asan_handle_no_return
> +// CHECK-NEXT: call void @__ubsan_handle_builtin_unreachable
> +// CHECK-NEXT: unreachable
>
>
> _______________________________________________
> llvm-commits mailing list
> llvm-commits at lists.llvm.org
> https://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-commits
More information about the llvm-commits
mailing list