[ubsan] Add a check for pointer overflow UB
Check pointer arithmetic for overflow. For some more background on this check, see:

https://wdtz.org/catching-pointer-overflow-bugs.html
https://reviews.llvm.org/D20322

Patch by Will Dietz and John Regehr!

This version of the patch is different from the original in a few ways:

- It introduces the EmitCheckedInBoundsGEP utility which inserts checks when the pointer overflow check is enabled.
- It does some constant-folding to reduce instrumentation overhead.
- It does not check some GEPs in CGExprCXX. I'm not sure that inserting checks here, or in CGClass, would catch many bugs.

Possible future directions for this check:

- Introduce CGF.EmitCheckedStructGEP, to detect overflows when accessing structures.

Testing: Apart from the added lit test, I ran check-llvm and check-clang with a stage2, ubsan-instrumented clang. Will and John have also done extensive testing on numerous open source projects.

Differential Revision: https://reviews.llvm.org/D33305

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@304459 91177308-0d34-0410-b5e6-96231b3b80d8
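As an added illustration (not part of this commit or of Clang's code), the C helper below mirrors the two conditions the runtime check described above enforces for `base + off` under `-fsanitize=pointer-overflow`: the total byte offset must not overflow, and the computed address must lie on the same side of the base pointer as the sign of the offset. `checked_ptr_add`, `g_buf` and the near-wraparound addresses are constructed for this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper mirroring the check inserted for `base + off`:
 * the byte offset must not overflow, and the (wrapping) sum must stay on
 * the side of `base` that the offset's sign dictates. Returns true when
 * the arithmetic is sound; *out (if non-NULL) then receives the address. */
bool checked_ptr_add(const void *base, ptrdiff_t off, size_t elem_size,
                     uintptr_t *out)
{
    uintptr_t b = (uintptr_t)base;
    intptr_t byte_off;

    /* 1) total offset = off * sizeof(element), checked for overflow */
    if (__builtin_mul_overflow(off, (intptr_t)elem_size, &byte_off))
        return false;

    /* 2) add in uintptr_t (wraps modulo 2^N), then compare with the base:
     *    a non-negative offset must not land below it, a negative one
     *    must not land above it. */
    uintptr_t r = b + (uintptr_t)byte_off;
    bool ok = (byte_off >= 0) ? (r >= b) : (r <= b);
    if (ok && out)
        *out = r;
    return ok;
}

/* Constructed sample buffer for the demonstration. */
char g_buf[16];

int main(void)
{
    uintptr_t r;
    /* In range: the address of g_buf[8]. */
    printf("g_buf + 8:       %s\n", checked_ptr_add(g_buf, 8, 1, &r) ? "ok" : "overflow");
    /* A base near the top of the address space plus 16 bytes wraps to a
     * small address; this is the kind of bug the sanitizer reports. */
    printf("top - 7 + 16:    %s\n",
           checked_ptr_add((const void *)(UINTPTR_MAX - 7), 16, 1, &r) ? "ok" : "overflow");
    /* A small base minus 8 bytes wraps upward. */
    printf("4 - 8:           %s\n",
           checked_ptr_add((const void *)(uintptr_t)4, -8, 1, &r) ? "ok" : "overflow");
    /* An element count whose byte size does not fit in intptr_t. */
    printf("PTRDIFF_MAX * 2: %s\n",
           checked_ptr_add(g_buf, PTRDIFF_MAX, 2, &r) ? "ok" : "overflow");
    return 0;
}
```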
Showing 7 changed files:

- docs/UndefinedBehaviorSanitizer.rst (2 additions, 0 deletions)
- include/clang/Basic/Sanitizers.def (4 additions, 3 deletions)
- lib/CodeGen/CGExpr.cpp (21 additions, 12 deletions)
- lib/CodeGen/CGExprScalar.cpp (176 additions, 34 deletions)
- lib/CodeGen/CodeGenFunction.h (8 additions, 0 deletions)
- test/CodeGen/ubsan-pointer-overflow.m (171 additions, 0 deletions)
- test/Driver/fsanitize.c (9 additions, 9 deletions)