[all-commits] [llvm/llvm-project] 792674: -fsanitize=alignment: check memcpy/memmove argumen...
Fangrui Song via All-commits
all-commits at lists.llvm.org
Mon Oct 9 23:02:21 PDT 2023
Branch: refs/heads/main
Home: https://github.com/llvm/llvm-project
Commit: 792674400f6f04a074a3827349ed0e2ac10067f6
https://github.com/llvm/llvm-project/commit/792674400f6f04a074a3827349ed0e2ac10067f6
Author: Fangrui Song <i at maskray.me>
Date: 2023-10-09 (Mon, 09 Oct 2023)
Changed paths:
M clang/include/clang/Basic/Sanitizers.h
M clang/lib/CodeGen/CGBuiltin.cpp
M clang/test/CodeGen/catch-undef-behavior.c
M compiler-rt/test/ubsan/TestCases/TypeCheck/misaligned.cpp
Log Message:
-----------
-fsanitize=alignment: check memcpy/memmove arguments (#67766)
The -fsanitize=alignment implementation follows the model that we allow
forming unaligned pointers but disallow accessing unaligned pointers.
See [RFC: Enforcing pointer type alignment in Clang](https://lists.llvm.org/pipermail/llvm-dev/2016-January/094012.html)
for detail.
memcpy is a memory access and we require an `int *` argument to be aligned.
Similar to https://reviews.llvm.org/D9673, emit -fsanitize=alignment check for
arguments of builtin memcpy and memmove functions to catch misaligned load like:
```
// Check the alignment of a but ignore the alignment of b
void unaligned_load(int *a, void *b) { memcpy(a, b, sizeof(*a)); }
```
For a reference parameter, we emit a -fsanitize=alignment check as well, which
can be optimized out by InstCombinePass. We rely on the call site
`TCK_ReferenceBinding` check instead.
```
// The alignment check of a will be optimized out.
void unaligned_load(int &a, void *b) { memcpy(&a, b, sizeof(a)); }
```
The diagnostic message looks like
```
runtime error: store to misaligned address [[PTR:0x[0-9a-f]*]] for type 'int *'
```
We could use a better message for memcpy, but we don't do it for now as it would
require a new check name like misaligned-pointer-use, which is probably not
necessary. *RFC: Enforcing pointer type alignment in Clang* is not well documented,
but this patch does not intend to change that.
Technically builtin memset functions can be checked for -fsanitize=alignment as
well, but it does not seem too useful.
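The check this commit adds, shown as an added, self-contained C example (not code from the commit or from clang): `aligned_for` mirrors the predicate UBSan emits, `unaligned_load` is the commit's function with that predicate made explicit on its typed `int *` operand only, and `buf`/`misaligned_int_ptr` construct the misaligned pointer that triggers it. Function names and the buffer layout are assumptions for the demo.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Mirror of the predicate -fsanitize=alignment inserts before a typed access
 * (and, after this commit, before a typed memcpy/memmove argument): the pointer
 * value must be a multiple of the pointee type's alignment. Assumed mirror, not
 * clang's code. */
static bool aligned_for(const void *p, size_t align) {
    return ((uintptr_t)p & (align - 1)) == 0;
}

/* The commit's example with the emitted check spelled out: `a` is `int *` and
 * is checked; `b` is `void *`, so its alignment is ignored. */
static bool unaligned_load(int *a, const void *b) {
    if (!aligned_for(a, _Alignof(int)))
        return false;  /* UBSan: "store to misaligned address ... for type 'int *'" */
    memcpy(a, b, sizeof(*a));
    return true;
}

/* Pattern that passes the check: the typed operand is an aligned local, the
 * possibly-unaligned side stays `const void *`. */
static int load_int_from_unaligned(const void *src) {
    int tmp;
    memcpy(&tmp, src, sizeof tmp);
    return tmp;
}

/* Constructed scenario: an int stored at byte offset 1 of an int-aligned buffer.
 * Forming `(int *)(buf + 1)` is allowed under the model; accessing it is not. */
static _Alignas(int) unsigned char buf[8];

static int *misaligned_int_ptr(void) {
    int v = 0x11223344;
    memset(buf, 0, sizeof buf);
    memcpy(buf + 1, &v, sizeof v);  /* byte-wise copy, no typed access */
    return (int *)(buf + 1);
}

/* Checked copy in the direction that passes: destination is an aligned local. */
static int checked_copy_to_aligned(void) {
    int out = 0;
    return unaligned_load(&out, misaligned_int_ptr()) ? out : -1;
}

int main(void) {
    int *p = misaligned_int_ptr();
    int sink = 0;
    printf("aligned(buf+1)=%d\n", aligned_for(p, _Alignof(int)));    /* 0 */
    printf("memcpy into buf+1 accepted=%d\n", unaligned_load(p, &sink)); /* 0: caught */
    printf("value via aligned local=%#x\n", load_int_from_unaligned(p));
    return 0;
}
```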