r352690 - [Sanitizers] UBSan unreachable incompatible with ASan in the presence of `noreturn` calls

Eric Liu via cfe-commits cfe-commits at lists.llvm.org
Thu Jan 31 06:19:20 PST 2019


And the stack trace is:
```
1.      <eof> parser at end of file

                                                   [31/1788]
2.      Code generation


3.      Running pass 'Function Pass Manager' on module
'absl/base/internal/throw_delegate.cc'.


4.      Running pass 'X86 DAG->DAG Instruction Selection' on function
'@_ZN4absl13base_internal18ThrowStdLogicErrorERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE'

 #0 0x000055c42e7bce9d SignalHandler(int) (bin/clang+0x1aabe9d)

 #1 0x00007f41b11309a0 __restore_rt
(/usr/grte/v4/lib64/libpthread.so.0+0xf9a0)


 #2 0x000055c42fe10b5b findUnwindDestinations(llvm::FunctionLoweringInfo&,
llvm::BasicBlock const*, llvm::BranchProbability,
llvm::SmallVectorImpl<std::__g::pair<llvm::MachineBasicBlock*,
llvm::BranchProbability
> >&) (bin/clang+0x30ffb5b)
 #3 0x000055c42fe0b49a
llvm::SelectionDAGBuilder::visitInvoke(llvm::InvokeInst const&)
(bin/clang+0x30fa49a)
 #4 0x000055c4308a8a2f llvm::SelectionDAGBuilder::visit(llvm::Instruction
const&) (bin/clang+0x3b97a2f)
 #5 0x000055c430878aa5
llvm::SelectionDAGISel::SelectBasicBlock(llvm::ilist_iterator<llvm::ilist_detail::node_options<llvm::Instruction,
false, false, void>, false, true>, llvm::ilist_iterator<llvm::ilist_detail
::node_options<llvm::Instruction, false, false, void>, false, true>, bool&)
(bin/clang+0x3b67aa5)
 #6 0x000055c4308768ed
llvm::SelectionDAGISel::SelectAllBasicBlocks(llvm::Function const&)
(bin/clang+0x3b658
ed)
 #7 0x000055c43087354a
llvm::SelectionDAGISel::runOnMachineFunction(llvm::MachineFunction&)
(bin/clang+0x3b62
54a)
 #8 0x000055c43086d1da (anonymous
namespace)::X86DAGToDAGISel::runOnMachineFunction(llvm::MachineFunction&) (
bin/clang+0x3b5c1da)
 #9 0x000055c4309eb833
llvm::MachineFunctionPass::runOnFunction(llvm::Function&)
(bin/clang+0x3cda833)
#10 0x000055c43070edbe llvm::FPPassManager::runOnFunction(llvm::Function&)
(bin/clang+0x39fddbe)
#11 0x000055c430711521 llvm::FPPassManager::runOnModule(llvm::Module&)
(bin/clang+0x3a00521)
#12 0x000055c42e4a6f7f llvm::legacy::PassManagerImpl::run(llvm::Module&)
(bin/clang+0x1795f7f)
#13 0x000055c42e7d9594 clang::EmitBackendOutput(clang::DiagnosticsEngine&,
clang::HeaderSearchOptions const&, clang::CodeGenOptions const&,
clang::TargetOptions const&, clang::LangOptions const&, llvm::DataLayou
t const&, llvm::Module*, clang::BackendAction,
std::__g::unique_ptr<llvm::raw_pwrite_stream,
std::__g::default_delete<llvm::raw_pwrite_stream> >) (bin/clang+0x1ac8594)
#14 0x000055c42e7a4d8c
clang::BackendConsumer::HandleTranslationUnit(clang::ASTContext&)
(bin/clang+0x1a93d8c
)
#15 0x000055c42e6499b6 clang::ParseAST(clang::Sema&, bool, bool)
(bin/clang+0x19389b6)
#16 0x000055c42e7a8b37 clang::FrontendAction::Execute()
(bin/clang+0x1a97b37)
#17 0x000055c42e7ae75f
clang::CompilerInstance::ExecuteAction(clang::FrontendAction&)
(bin/clang+0x1a9d75f)
#18 0x000055c42e796cfb
clang::ExecuteCompilerInvocation(clang::CompilerInstance*)
(bin/clang+0x1a85cfb)
#19 0x000055c42e791071 cc1_main(llvm::ArrayRef<char const*>, char const*,
void*) (bin/clang+0x1a80071)
#20 0x000055c42e5c019e main (bin/clang+0x18af19e)
#21 0x00007f41b0e9ebbd __libc_start_main
(/usr/grte/v4/lib64/libc.so.6+0x38bbd)
#22 0x000055c42e6d44a9 _start (bin/clang+0x19c34a9)
clang: error: unable to execute command: Segmentation fault
clang: error: clang frontend command failed due to signal (use -v to see
invocation)
```

On Thu, Jan 31, 2019 at 3:11 PM Eric Liu <ioeric at google.com> wrote:

> I managed to get a reproducer (attached) from absl:
> ```
> clang++ -std=c++17  -fsanitize=address,unreachable throw_delegate.pic.ii
> ```
>
> You could regenerate the preprocessed code:
> ```
> git clone https://github.com/abseil/abseil-cpp.git
> cd abseil-cpp/absl
> bazel build --compilation_mode=fastbuild --save_temps
> --compile_one_dependency base/internal/throw_delegate.cc
> ```
>
> I'll revert the commit to unblock our integration process. Let us know if
> you need more information.
>
> - Eric
>
> On Thu, Jan 31, 2019 at 9:01 AM Eric Christopher <echristo at gmail.com>
> wrote:
>
>> Looks like this broke optimized asan builds via an assert in SCCP. I'll
>> see what I can do about a testcase (or Eric will), however, would you mind
>> reverting in the meantime?
>>
>> Thanks!
>>
>> -eric
>>
>> On Wed, Jan 30, 2019 at 4:41 PM Julian Lettner via cfe-commits <
>> cfe-commits at lists.llvm.org> wrote:
>>
>>> Author: yln
>>> Date: Wed Jan 30 15:42:13 2019
>>> New Revision: 352690
>>>
>>> URL: http://llvm.org/viewvc/llvm-project?rev=352690&view=rev
>>> Log:
>>> [Sanitizers] UBSan unreachable incompatible with ASan in the presence of
>>> `noreturn` calls
>>>
>>> Summary:
>>> UBSan wants to detect when unreachable code is actually reached, so it
>>> adds instrumentation before every unreachable instruction. However, the
>>> optimizer will remove code after calls to functions marked with
>>> noreturn. To avoid this UBSan removes noreturn from both the call
>>> instruction as well as from the function itself. Unfortunately, ASan
>>> relies on this annotation to unpoison the stack by inserting calls to
>>> _asan_handle_no_return before noreturn functions. This is important for
>>> functions that do not return but access the the stack memory, e.g.,
>>> unwinder functions *like* longjmp (longjmp itself is actually
>>> "double-proofed" via its interceptor). The result is that when ASan and
>>> UBSan are combined, the noreturn attributes are missing and ASan cannot
>>> unpoison the stack, so it has false positives when stack unwinding is
>>> used.
>>>
>>> Changes:
>>> Clang-CodeGen now directly insert calls to `__asan_handle_no_return`
>>> when a call to a noreturn function is encountered and both
>>> UBsan-unreachable and ASan are enabled. This allows UBSan to continue
>>> removing the noreturn attribute from functions without any changes to
>>> the ASan pass.
>>>
>>> Previously generated code:
>>> ```
>>>   call void @longjmp
>>>   call void @__asan_handle_no_return
>>>   call void @__ubsan_handle_builtin_unreachable
>>> ```
>>>
>>> Generated code (for now):
>>> ```
>>>   call void @__asan_handle_no_return
>>>   call void @longjmp
>>>   call void @__asan_handle_no_return
>>>   call void @__ubsan_handle_builtin_unreachable
>>> ```
>>>
>>> rdar://problem/40723397
>>>
>>> Reviewers: delcypher, eugenis, vsk
>>>
>>> Differential Revision: https://reviews.llvm.org/D57278
>>>
>>> Added:
>>>     cfe/trunk/test/CodeGen/ubsan-asan-noreturn.c
>>> Modified:
>>>     cfe/trunk/lib/CodeGen/CGCall.cpp
>>>     cfe/trunk/lib/CodeGen/CodeGenFunction.h
>>>     cfe/trunk/test/CodeGenCXX/ubsan-unreachable.cpp
>>>
>>> Modified: cfe/trunk/lib/CodeGen/CGCall.cpp
>>> URL:
>>> http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/CodeGen/CGCall.cpp?rev=352690&r1=352689&r2=352690&view=diff
>>>
>>> ==============================================================================
>>> --- cfe/trunk/lib/CodeGen/CGCall.cpp (original)
>>> +++ cfe/trunk/lib/CodeGen/CGCall.cpp Wed Jan 30 15:42:13 2019
>>> @@ -4398,10 +4398,23 @@ RValue CodeGenFunction::EmitCall(const C
>>>
>>>      // Strip away the noreturn attribute to better diagnose unreachable
>>> UB.
>>>      if (SanOpts.has(SanitizerKind::Unreachable)) {
>>> +      // Also remove from function since CI->hasFnAttr(..) also checks
>>> attributes
>>> +      // of the called function.
>>>        if (auto *F = CI->getCalledFunction())
>>>          F->removeFnAttr(llvm::Attribute::NoReturn);
>>>        CI->removeAttribute(llvm::AttributeList::FunctionIndex,
>>>                            llvm::Attribute::NoReturn);
>>> +
>>> +      // Avoid incompatibility with ASan which relies on the `noreturn`
>>> +      // attribute to insert handler calls.
>>> +      if (SanOpts.has(SanitizerKind::Address)) {
>>> +        SanitizerScope SanScope(this);
>>> +        Builder.SetInsertPoint(CI);
>>> +        auto *FnType = llvm::FunctionType::get(CGM.VoidTy,
>>> /*isVarArg=*/false);
>>> +        auto *Fn = CGM.CreateRuntimeFunction(FnType,
>>> "__asan_handle_no_return");
>>> +        EmitNounwindRuntimeCall(Fn);
>>> +        Builder.SetInsertPoint(CI->getParent());
>>> +      }
>>>      }
>>>
>>>      EmitUnreachable(Loc);
>>>
>>> Modified: cfe/trunk/lib/CodeGen/CodeGenFunction.h
>>> URL:
>>> http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/CodeGen/CodeGenFunction.h?rev=352690&r1=352689&r2=352690&view=diff
>>>
>>> ==============================================================================
>>> --- cfe/trunk/lib/CodeGen/CodeGenFunction.h (original)
>>> +++ cfe/trunk/lib/CodeGen/CodeGenFunction.h Wed Jan 30 15:42:13 2019
>>> @@ -4084,8 +4084,8 @@ public:
>>>    /// passing to a runtime sanitizer handler.
>>>    llvm::Constant *EmitCheckSourceLocation(SourceLocation Loc);
>>>
>>> -  /// Create a basic block that will call a handler function in a
>>> -  /// sanitizer runtime with the provided arguments, and create a
>>> conditional
>>> +  /// Create a basic block that will either trap or call a handler
>>> function in
>>> +  /// the UBSan runtime with the provided arguments, and create a
>>> conditional
>>>    /// branch to it.
>>>    void EmitCheck(ArrayRef<std::pair<llvm::Value *, SanitizerMask>>
>>> Checked,
>>>                   SanitizerHandler Check, ArrayRef<llvm::Constant *>
>>> StaticArgs,
>>>
>>> Added: cfe/trunk/test/CodeGen/ubsan-asan-noreturn.c
>>> URL:
>>> http://llvm.org/viewvc/llvm-project/cfe/trunk/test/CodeGen/ubsan-asan-noreturn.c?rev=352690&view=auto
>>>
>>> ==============================================================================
>>> --- cfe/trunk/test/CodeGen/ubsan-asan-noreturn.c (added)
>>> +++ cfe/trunk/test/CodeGen/ubsan-asan-noreturn.c Wed Jan 30 15:42:13 2019
>>> @@ -0,0 +1,21 @@
>>> +// Ensure compatiblity of UBSan unreachable with ASan in the presence of
>>> +// noreturn functions.
>>> +// RUN: %clang_cc1 -fsanitize=unreachable,address -triple x86_64-linux
>>> -emit-llvm -o - %s | FileCheck %s
>>> +
>>> +void my_longjmp(void) __attribute__((noreturn));
>>> +
>>> +// CHECK-LABEL: define void @calls_noreturn()
>>> +void calls_noreturn() {
>>> +  my_longjmp();
>>> +  // CHECK:      @__asan_handle_no_return{{.*}} !nosanitize
>>> +  // CHECK-NEXT: @my_longjmp(){{[^#]*}}
>>> +  // CHECK:      @__asan_handle_no_return()
>>> +  // CHECK-NEXT: @__ubsan_handle_builtin_unreachable{{.*}} !nosanitize
>>> +  // CHECK-NEXT: unreachable
>>> +}
>>> +
>>> +// CHECK: declare void @my_longjmp() [[FN_ATTR:#[0-9]+]]
>>> +// CHECK: declare void @__asan_handle_no_return()
>>> +
>>> +// CHECK-LABEL: attributes
>>> +// CHECK-NOT: [[FN_ATTR]] = { {{.*noreturn.*}} }
>>>
>>> Modified: cfe/trunk/test/CodeGenCXX/ubsan-unreachable.cpp
>>> URL:
>>> http://llvm.org/viewvc/llvm-project/cfe/trunk/test/CodeGenCXX/ubsan-unreachable.cpp?rev=352690&r1=352689&r2=352690&view=diff
>>>
>>> ==============================================================================
>>> --- cfe/trunk/test/CodeGenCXX/ubsan-unreachable.cpp (original)
>>> +++ cfe/trunk/test/CodeGenCXX/ubsan-unreachable.cpp Wed Jan 30 15:42:13
>>> 2019
>>> @@ -1,39 +1,37 @@
>>>  // RUN: %clang_cc1 -triple x86_64-apple-darwin10 -emit-llvm -o - %s
>>> -fsanitize=unreachable | FileCheck %s
>>>
>>> -extern void __attribute__((noreturn)) abort();
>>> +void abort() __attribute__((noreturn));
>>>
>>> -// CHECK-LABEL: define void @_Z14calls_noreturnv
>>> +// CHECK-LABEL: define void @_Z14calls_noreturnv()
>>>  void calls_noreturn() {
>>> +  // Check absence ([^#]*) of call site attributes (including noreturn)
>>> +  // CHECK: call void @_Z5abortv(){{[^#]*}}
>>>    abort();
>>>
>>> -  // Check that there are no attributes on the call site.
>>> -  // CHECK-NOT: call void @_Z5abortv{{.*}}#
>>> -
>>>    // CHECK: __ubsan_handle_builtin_unreachable
>>>    // CHECK: unreachable
>>>  }
>>>
>>>  struct A {
>>> -  // CHECK: declare void @_Z5abortv{{.*}} [[ABORT_ATTR:#[0-9]+]]
>>> +  // CHECK: declare void @_Z5abortv() [[EXTERN_FN_ATTR:#[0-9]+]]
>>>
>>>    // CHECK-LABEL: define linkonce_odr void @_ZN1A5call1Ev
>>>    void call1() {
>>> -    // CHECK-NOT: call void @_ZN1A16does_not_return2Ev{{.*}}#
>>> +    // CHECK: call void @_ZN1A16does_not_return2Ev({{.*}}){{[^#]*}}
>>>      does_not_return2();
>>>
>>>      // CHECK: __ubsan_handle_builtin_unreachable
>>>      // CHECK: unreachable
>>>    }
>>>
>>> -  // Test static members.
>>> -  static void __attribute__((noreturn)) does_not_return1() {
>>> -    // CHECK-NOT: call void @_Z5abortv{{.*}}#
>>> +  // Test static members. Checks are below after `struct A` scope ends.
>>> +  static void does_not_return1() __attribute__((noreturn)) {
>>>      abort();
>>>    }
>>>
>>>    // CHECK-LABEL: define linkonce_odr void @_ZN1A5call2Ev
>>>    void call2() {
>>> -    // CHECK-NOT: call void @_ZN1A16does_not_return1Ev{{.*}}#
>>> +    // CHECK: call void @_ZN1A16does_not_return1Ev(){{[^#]*}}
>>>      does_not_return1();
>>>
>>>      // CHECK: __ubsan_handle_builtin_unreachable
>>> @@ -41,23 +39,23 @@ struct A {
>>>    }
>>>
>>>    // Test calls through pointers to non-static member functions.
>>> -  typedef void __attribute__((noreturn)) (A::*MemFn)();
>>> +  typedef void (A::*MemFn)() __attribute__((noreturn));
>>>
>>>    // CHECK-LABEL: define linkonce_odr void @_ZN1A5call3Ev
>>>    void call3() {
>>>      MemFn MF = &A::does_not_return2;
>>> +    // CHECK: call void %{{[0-9]+\(.*}}){{[^#]*}}
>>>      (this->*MF)();
>>>
>>> -    // CHECK-NOT: call void %{{.*}}#
>>>      // CHECK: __ubsan_handle_builtin_unreachable
>>>      // CHECK: unreachable
>>>    }
>>>
>>>    // Test regular members.
>>>    // CHECK-LABEL: define linkonce_odr void
>>> @_ZN1A16does_not_return2Ev({{.*}})
>>> -  // CHECK-SAME: [[DOES_NOT_RETURN_ATTR:#[0-9]+]]
>>> -  void __attribute__((noreturn)) does_not_return2() {
>>> -    // CHECK-NOT: call void @_Z5abortv(){{.*}}#
>>> +  // CHECK-SAME: [[USER_FN_ATTR:#[0-9]+]]
>>> +  void does_not_return2() __attribute__((noreturn)) {
>>> +    // CHECK: call void @_Z5abortv(){{[^#]*}}
>>>      abort();
>>>
>>>      // CHECK: call void @__ubsan_handle_builtin_unreachable
>>> @@ -68,7 +66,9 @@ struct A {
>>>    }
>>>  };
>>>
>>> -// CHECK: define linkonce_odr void @_ZN1A16does_not_return1Ev()
>>> [[DOES_NOT_RETURN_ATTR]]
>>> +// CHECK-LABEL: define linkonce_odr void @_ZN1A16does_not_return1Ev()
>>> +// CHECK-SAME: [[USER_FN_ATTR]]
>>> +// CHECK: call void @_Z5abortv(){{[^#]*}}
>>>
>>>  void force_irgen() {
>>>    A a;
>>> @@ -77,5 +77,7 @@ void force_irgen() {
>>>    a.call3();
>>>  }
>>>
>>> -// CHECK-NOT: [[ABORT_ATTR]] = {{[^}]+}}noreturn
>>> -// CHECK-NOT: [[DOES_NOT_RETURN_ATTR]] = {{[^}]+}}noreturn
>>> +// `noreturn` should be removed from functions and call sites
>>> +// CHECK-LABEL: attributes
>>> +// CHECK-NOT: [[USER_FN_ATTR]] = { {{.*noreturn.*}} }
>>> +// CHECK-NOT: [[EXTERN_FN_ATTR]] = { {{.*noreturn.*}} }
>>>
>>>
>>> _______________________________________________
>>> cfe-commits mailing list
>>> cfe-commits at lists.llvm.org
>>> https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
>>>
>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/cfe-commits/attachments/20190131/0a6d756f/attachment-0001.html>


More information about the cfe-commits mailing list