1 //===-- ubsan_handlers.cc -------------------------------------------------===//
2 //
3 // The LLVM Compiler Infrastructure
4 //
5 // This file is distributed under the University of Illinois Open Source
6 // License. See LICENSE.TXT for details.
7 //
8 //===----------------------------------------------------------------------===//
9 //
10 // Error logging entry points for the UBSan runtime.
11 //
12 //===----------------------------------------------------------------------===//
13
14 #include "ubsan_platform.h"
15 #if CAN_SANITIZE_UB
16 #include "ubsan_handlers.h"
17 #include "ubsan_diag.h"
18
19 #include "sanitizer_common/sanitizer_common.h"
20
21 using namespace __sanitizer;
22 using namespace __ubsan;
23
ignoreReport(SourceLocation SLoc,ReportOptions Opts)24 static bool ignoreReport(SourceLocation SLoc, ReportOptions Opts) {
25 // If source location is already acquired, we don't need to print an error
26 // report for the second time. However, if we're in an unrecoverable handler,
27 // it's possible that location was required by concurrently running thread.
28 // In this case, we should continue the execution to ensure that any of
29 // threads will grab the report mutex and print the report before
30 // crashing the program.
31 return SLoc.isDisabled() && !Opts.DieAfterReport;
32 }
33
34 namespace __ubsan {
35 const char *TypeCheckKinds[] = {
36 "load of", "store to", "reference binding to", "member access within",
37 "member call on", "constructor call on", "downcast of", "downcast of",
38 "upcast of", "cast to virtual base of"};
39 }
40
handleTypeMismatchImpl(TypeMismatchData * Data,ValueHandle Pointer,ReportOptions Opts)41 static void handleTypeMismatchImpl(TypeMismatchData *Data, ValueHandle Pointer,
42 ReportOptions Opts) {
43 Location Loc = Data->Loc.acquire();
44 // Use the SourceLocation from Data to track deduplication, even if 'invalid'
45 if (ignoreReport(Loc.getSourceLocation(), Opts))
46 return;
47
48 SymbolizedStackHolder FallbackLoc;
49 if (Data->Loc.isInvalid()) {
50 FallbackLoc.reset(getCallerLocation(Opts.pc));
51 Loc = FallbackLoc;
52 }
53
54 ScopedReport R(Opts, Loc);
55
56 if (!Pointer)
57 Diag(Loc, DL_Error, "%0 null pointer of type %1")
58 << TypeCheckKinds[Data->TypeCheckKind] << Data->Type;
59 else if (Data->Alignment && (Pointer & (Data->Alignment - 1)))
60 Diag(Loc, DL_Error, "%0 misaligned address %1 for type %3, "
61 "which requires %2 byte alignment")
62 << TypeCheckKinds[Data->TypeCheckKind] << (void*)Pointer
63 << Data->Alignment << Data->Type;
64 else
65 Diag(Loc, DL_Error, "%0 address %1 with insufficient space "
66 "for an object of type %2")
67 << TypeCheckKinds[Data->TypeCheckKind] << (void*)Pointer << Data->Type;
68 if (Pointer)
69 Diag(Pointer, DL_Note, "pointer points here");
70 }
71
__ubsan_handle_type_mismatch(TypeMismatchData * Data,ValueHandle Pointer)72 void __ubsan::__ubsan_handle_type_mismatch(TypeMismatchData *Data,
73 ValueHandle Pointer) {
74 GET_REPORT_OPTIONS(false);
75 handleTypeMismatchImpl(Data, Pointer, Opts);
76 }
__ubsan_handle_type_mismatch_abort(TypeMismatchData * Data,ValueHandle Pointer)77 void __ubsan::__ubsan_handle_type_mismatch_abort(TypeMismatchData *Data,
78 ValueHandle Pointer) {
79 GET_REPORT_OPTIONS(true);
80 handleTypeMismatchImpl(Data, Pointer, Opts);
81 Die();
82 }
83
84 /// \brief Common diagnostic emission for various forms of integer overflow.
85 template <typename T>
handleIntegerOverflowImpl(OverflowData * Data,ValueHandle LHS,const char * Operator,T RHS,ReportOptions Opts)86 static void handleIntegerOverflowImpl(OverflowData *Data, ValueHandle LHS,
87 const char *Operator, T RHS,
88 ReportOptions Opts) {
89 SourceLocation Loc = Data->Loc.acquire();
90 if (ignoreReport(Loc, Opts))
91 return;
92
93 ScopedReport R(Opts, Loc);
94
95 Diag(Loc, DL_Error, "%0 integer overflow: "
96 "%1 %2 %3 cannot be represented in type %4")
97 << (Data->Type.isSignedIntegerTy() ? "signed" : "unsigned")
98 << Value(Data->Type, LHS) << Operator << RHS << Data->Type;
99 }
100
101 #define UBSAN_OVERFLOW_HANDLER(handler_name, op, abort) \
102 void __ubsan::handler_name(OverflowData *Data, ValueHandle LHS, \
103 ValueHandle RHS) { \
104 GET_REPORT_OPTIONS(abort); \
105 handleIntegerOverflowImpl(Data, LHS, op, Value(Data->Type, RHS), Opts); \
106 if (abort) Die(); \
107 }
108
109 UBSAN_OVERFLOW_HANDLER(__ubsan_handle_add_overflow, "+", false)
110 UBSAN_OVERFLOW_HANDLER(__ubsan_handle_add_overflow_abort, "+", true)
111 UBSAN_OVERFLOW_HANDLER(__ubsan_handle_sub_overflow, "-", false)
112 UBSAN_OVERFLOW_HANDLER(__ubsan_handle_sub_overflow_abort, "-", true)
113 UBSAN_OVERFLOW_HANDLER(__ubsan_handle_mul_overflow, "*", false)
114 UBSAN_OVERFLOW_HANDLER(__ubsan_handle_mul_overflow_abort, "*", true)
115
handleNegateOverflowImpl(OverflowData * Data,ValueHandle OldVal,ReportOptions Opts)116 static void handleNegateOverflowImpl(OverflowData *Data, ValueHandle OldVal,
117 ReportOptions Opts) {
118 SourceLocation Loc = Data->Loc.acquire();
119 if (ignoreReport(Loc, Opts))
120 return;
121
122 ScopedReport R(Opts, Loc);
123
124 if (Data->Type.isSignedIntegerTy())
125 Diag(Loc, DL_Error,
126 "negation of %0 cannot be represented in type %1; "
127 "cast to an unsigned type to negate this value to itself")
128 << Value(Data->Type, OldVal) << Data->Type;
129 else
130 Diag(Loc, DL_Error,
131 "negation of %0 cannot be represented in type %1")
132 << Value(Data->Type, OldVal) << Data->Type;
133 }
134
__ubsan_handle_negate_overflow(OverflowData * Data,ValueHandle OldVal)135 void __ubsan::__ubsan_handle_negate_overflow(OverflowData *Data,
136 ValueHandle OldVal) {
137 GET_REPORT_OPTIONS(false);
138 handleNegateOverflowImpl(Data, OldVal, Opts);
139 }
__ubsan_handle_negate_overflow_abort(OverflowData * Data,ValueHandle OldVal)140 void __ubsan::__ubsan_handle_negate_overflow_abort(OverflowData *Data,
141 ValueHandle OldVal) {
142 GET_REPORT_OPTIONS(true);
143 handleNegateOverflowImpl(Data, OldVal, Opts);
144 Die();
145 }
146
handleDivremOverflowImpl(OverflowData * Data,ValueHandle LHS,ValueHandle RHS,ReportOptions Opts)147 static void handleDivremOverflowImpl(OverflowData *Data, ValueHandle LHS,
148 ValueHandle RHS, ReportOptions Opts) {
149 SourceLocation Loc = Data->Loc.acquire();
150 if (ignoreReport(Loc, Opts))
151 return;
152
153 ScopedReport R(Opts, Loc);
154
155 Value LHSVal(Data->Type, LHS);
156 Value RHSVal(Data->Type, RHS);
157 if (RHSVal.isMinusOne())
158 Diag(Loc, DL_Error,
159 "division of %0 by -1 cannot be represented in type %1")
160 << LHSVal << Data->Type;
161 else
162 Diag(Loc, DL_Error, "division by zero");
163 }
164
__ubsan_handle_divrem_overflow(OverflowData * Data,ValueHandle LHS,ValueHandle RHS)165 void __ubsan::__ubsan_handle_divrem_overflow(OverflowData *Data,
166 ValueHandle LHS, ValueHandle RHS) {
167 GET_REPORT_OPTIONS(false);
168 handleDivremOverflowImpl(Data, LHS, RHS, Opts);
169 }
__ubsan_handle_divrem_overflow_abort(OverflowData * Data,ValueHandle LHS,ValueHandle RHS)170 void __ubsan::__ubsan_handle_divrem_overflow_abort(OverflowData *Data,
171 ValueHandle LHS,
172 ValueHandle RHS) {
173 GET_REPORT_OPTIONS(true);
174 handleDivremOverflowImpl(Data, LHS, RHS, Opts);
175 Die();
176 }
177
handleShiftOutOfBoundsImpl(ShiftOutOfBoundsData * Data,ValueHandle LHS,ValueHandle RHS,ReportOptions Opts)178 static void handleShiftOutOfBoundsImpl(ShiftOutOfBoundsData *Data,
179 ValueHandle LHS, ValueHandle RHS,
180 ReportOptions Opts) {
181 SourceLocation Loc = Data->Loc.acquire();
182 if (ignoreReport(Loc, Opts))
183 return;
184
185 ScopedReport R(Opts, Loc);
186
187 Value LHSVal(Data->LHSType, LHS);
188 Value RHSVal(Data->RHSType, RHS);
189 if (RHSVal.isNegative())
190 Diag(Loc, DL_Error, "shift exponent %0 is negative") << RHSVal;
191 else if (RHSVal.getPositiveIntValue() >= Data->LHSType.getIntegerBitWidth())
192 Diag(Loc, DL_Error,
193 "shift exponent %0 is too large for %1-bit type %2")
194 << RHSVal << Data->LHSType.getIntegerBitWidth() << Data->LHSType;
195 else if (LHSVal.isNegative())
196 Diag(Loc, DL_Error, "left shift of negative value %0") << LHSVal;
197 else
198 Diag(Loc, DL_Error,
199 "left shift of %0 by %1 places cannot be represented in type %2")
200 << LHSVal << RHSVal << Data->LHSType;
201 }
202
__ubsan_handle_shift_out_of_bounds(ShiftOutOfBoundsData * Data,ValueHandle LHS,ValueHandle RHS)203 void __ubsan::__ubsan_handle_shift_out_of_bounds(ShiftOutOfBoundsData *Data,
204 ValueHandle LHS,
205 ValueHandle RHS) {
206 GET_REPORT_OPTIONS(false);
207 handleShiftOutOfBoundsImpl(Data, LHS, RHS, Opts);
208 }
__ubsan_handle_shift_out_of_bounds_abort(ShiftOutOfBoundsData * Data,ValueHandle LHS,ValueHandle RHS)209 void __ubsan::__ubsan_handle_shift_out_of_bounds_abort(
210 ShiftOutOfBoundsData *Data,
211 ValueHandle LHS,
212 ValueHandle RHS) {
213 GET_REPORT_OPTIONS(true);
214 handleShiftOutOfBoundsImpl(Data, LHS, RHS, Opts);
215 Die();
216 }
217
handleOutOfBoundsImpl(OutOfBoundsData * Data,ValueHandle Index,ReportOptions Opts)218 static void handleOutOfBoundsImpl(OutOfBoundsData *Data, ValueHandle Index,
219 ReportOptions Opts) {
220 SourceLocation Loc = Data->Loc.acquire();
221 if (ignoreReport(Loc, Opts))
222 return;
223
224 ScopedReport R(Opts, Loc);
225
226 Value IndexVal(Data->IndexType, Index);
227 Diag(Loc, DL_Error, "index %0 out of bounds for type %1")
228 << IndexVal << Data->ArrayType;
229 }
230
__ubsan_handle_out_of_bounds(OutOfBoundsData * Data,ValueHandle Index)231 void __ubsan::__ubsan_handle_out_of_bounds(OutOfBoundsData *Data,
232 ValueHandle Index) {
233 GET_REPORT_OPTIONS(false);
234 handleOutOfBoundsImpl(Data, Index, Opts);
235 }
__ubsan_handle_out_of_bounds_abort(OutOfBoundsData * Data,ValueHandle Index)236 void __ubsan::__ubsan_handle_out_of_bounds_abort(OutOfBoundsData *Data,
237 ValueHandle Index) {
238 GET_REPORT_OPTIONS(true);
239 handleOutOfBoundsImpl(Data, Index, Opts);
240 Die();
241 }
242
handleBuiltinUnreachableImpl(UnreachableData * Data,ReportOptions Opts)243 static void handleBuiltinUnreachableImpl(UnreachableData *Data,
244 ReportOptions Opts) {
245 ScopedReport R(Opts, Data->Loc);
246 Diag(Data->Loc, DL_Error, "execution reached a __builtin_unreachable() call");
247 }
248
__ubsan_handle_builtin_unreachable(UnreachableData * Data)249 void __ubsan::__ubsan_handle_builtin_unreachable(UnreachableData *Data) {
250 GET_REPORT_OPTIONS(true);
251 handleBuiltinUnreachableImpl(Data, Opts);
252 Die();
253 }
254
handleMissingReturnImpl(UnreachableData * Data,ReportOptions Opts)255 static void handleMissingReturnImpl(UnreachableData *Data, ReportOptions Opts) {
256 ScopedReport R(Opts, Data->Loc);
257 Diag(Data->Loc, DL_Error,
258 "execution reached the end of a value-returning function "
259 "without returning a value");
260 }
261
__ubsan_handle_missing_return(UnreachableData * Data)262 void __ubsan::__ubsan_handle_missing_return(UnreachableData *Data) {
263 GET_REPORT_OPTIONS(true);
264 handleMissingReturnImpl(Data, Opts);
265 Die();
266 }
267
handleVLABoundNotPositive(VLABoundData * Data,ValueHandle Bound,ReportOptions Opts)268 static void handleVLABoundNotPositive(VLABoundData *Data, ValueHandle Bound,
269 ReportOptions Opts) {
270 SourceLocation Loc = Data->Loc.acquire();
271 if (ignoreReport(Loc, Opts))
272 return;
273
274 ScopedReport R(Opts, Loc);
275
276 Diag(Loc, DL_Error, "variable length array bound evaluates to "
277 "non-positive value %0")
278 << Value(Data->Type, Bound);
279 }
280
__ubsan_handle_vla_bound_not_positive(VLABoundData * Data,ValueHandle Bound)281 void __ubsan::__ubsan_handle_vla_bound_not_positive(VLABoundData *Data,
282 ValueHandle Bound) {
283 GET_REPORT_OPTIONS(false);
284 handleVLABoundNotPositive(Data, Bound, Opts);
285 }
__ubsan_handle_vla_bound_not_positive_abort(VLABoundData * Data,ValueHandle Bound)286 void __ubsan::__ubsan_handle_vla_bound_not_positive_abort(VLABoundData *Data,
287 ValueHandle Bound) {
288 GET_REPORT_OPTIONS(true);
289 handleVLABoundNotPositive(Data, Bound, Opts);
290 Die();
291 }
292
handleFloatCastOverflow(FloatCastOverflowData * Data,ValueHandle From,ReportOptions Opts)293 static void handleFloatCastOverflow(FloatCastOverflowData *Data,
294 ValueHandle From, ReportOptions Opts) {
295 // TODO: Add deduplication once a SourceLocation is generated for this check.
296 SymbolizedStackHolder CallerLoc(getCallerLocation(Opts.pc));
297 Location Loc = CallerLoc;
298 ScopedReport R(Opts, Loc);
299
300 Diag(Loc, DL_Error,
301 "value %0 is outside the range of representable values of type %2")
302 << Value(Data->FromType, From) << Data->FromType << Data->ToType;
303 }
304
__ubsan_handle_float_cast_overflow(FloatCastOverflowData * Data,ValueHandle From)305 void __ubsan::__ubsan_handle_float_cast_overflow(FloatCastOverflowData *Data,
306 ValueHandle From) {
307 GET_REPORT_OPTIONS(false);
308 handleFloatCastOverflow(Data, From, Opts);
309 }
310 void
__ubsan_handle_float_cast_overflow_abort(FloatCastOverflowData * Data,ValueHandle From)311 __ubsan::__ubsan_handle_float_cast_overflow_abort(FloatCastOverflowData *Data,
312 ValueHandle From) {
313 GET_REPORT_OPTIONS(true);
314 handleFloatCastOverflow(Data, From, Opts);
315 Die();
316 }
317
handleLoadInvalidValue(InvalidValueData * Data,ValueHandle Val,ReportOptions Opts)318 static void handleLoadInvalidValue(InvalidValueData *Data, ValueHandle Val,
319 ReportOptions Opts) {
320 SourceLocation Loc = Data->Loc.acquire();
321 if (ignoreReport(Loc, Opts))
322 return;
323
324 ScopedReport R(Opts, Loc);
325
326 Diag(Loc, DL_Error,
327 "load of value %0, which is not a valid value for type %1")
328 << Value(Data->Type, Val) << Data->Type;
329 }
330
__ubsan_handle_load_invalid_value(InvalidValueData * Data,ValueHandle Val)331 void __ubsan::__ubsan_handle_load_invalid_value(InvalidValueData *Data,
332 ValueHandle Val) {
333 GET_REPORT_OPTIONS(false);
334 handleLoadInvalidValue(Data, Val, Opts);
335 }
__ubsan_handle_load_invalid_value_abort(InvalidValueData * Data,ValueHandle Val)336 void __ubsan::__ubsan_handle_load_invalid_value_abort(InvalidValueData *Data,
337 ValueHandle Val) {
338 GET_REPORT_OPTIONS(true);
339 handleLoadInvalidValue(Data, Val, Opts);
340 Die();
341 }
342
handleFunctionTypeMismatch(FunctionTypeMismatchData * Data,ValueHandle Function,ReportOptions Opts)343 static void handleFunctionTypeMismatch(FunctionTypeMismatchData *Data,
344 ValueHandle Function,
345 ReportOptions Opts) {
346 SourceLocation CallLoc = Data->Loc.acquire();
347 if (ignoreReport(CallLoc, Opts))
348 return;
349
350 ScopedReport R(Opts, CallLoc);
351
352 SymbolizedStackHolder FLoc(getSymbolizedLocation(Function));
353 const char *FName = FLoc.get()->info.function;
354 if (!FName)
355 FName = "(unknown)";
356
357 Diag(CallLoc, DL_Error,
358 "call to function %0 through pointer to incorrect function type %1")
359 << FName << Data->Type;
360 Diag(FLoc, DL_Note, "%0 defined here") << FName;
361 }
362
363 void
__ubsan_handle_function_type_mismatch(FunctionTypeMismatchData * Data,ValueHandle Function)364 __ubsan::__ubsan_handle_function_type_mismatch(FunctionTypeMismatchData *Data,
365 ValueHandle Function) {
366 GET_REPORT_OPTIONS(false);
367 handleFunctionTypeMismatch(Data, Function, Opts);
368 }
369
__ubsan_handle_function_type_mismatch_abort(FunctionTypeMismatchData * Data,ValueHandle Function)370 void __ubsan::__ubsan_handle_function_type_mismatch_abort(
371 FunctionTypeMismatchData *Data, ValueHandle Function) {
372 GET_REPORT_OPTIONS(true);
373 handleFunctionTypeMismatch(Data, Function, Opts);
374 Die();
375 }
376
handleNonNullReturn(NonNullReturnData * Data,ReportOptions Opts)377 static void handleNonNullReturn(NonNullReturnData *Data, ReportOptions Opts) {
378 SourceLocation Loc = Data->Loc.acquire();
379 if (ignoreReport(Loc, Opts))
380 return;
381
382 ScopedReport R(Opts, Loc);
383
384 Diag(Loc, DL_Error, "null pointer returned from function declared to never "
385 "return null");
386 if (!Data->AttrLoc.isInvalid())
387 Diag(Data->AttrLoc, DL_Note, "returns_nonnull attribute specified here");
388 }
389
__ubsan_handle_nonnull_return(NonNullReturnData * Data)390 void __ubsan::__ubsan_handle_nonnull_return(NonNullReturnData *Data) {
391 GET_REPORT_OPTIONS(false);
392 handleNonNullReturn(Data, Opts);
393 }
394
__ubsan_handle_nonnull_return_abort(NonNullReturnData * Data)395 void __ubsan::__ubsan_handle_nonnull_return_abort(NonNullReturnData *Data) {
396 GET_REPORT_OPTIONS(true);
397 handleNonNullReturn(Data, Opts);
398 Die();
399 }
400
handleNonNullArg(NonNullArgData * Data,ReportOptions Opts)401 static void handleNonNullArg(NonNullArgData *Data, ReportOptions Opts) {
402 SourceLocation Loc = Data->Loc.acquire();
403 if (ignoreReport(Loc, Opts))
404 return;
405
406 ScopedReport R(Opts, Loc);
407
408 Diag(Loc, DL_Error, "null pointer passed as argument %0, which is declared to "
409 "never be null") << Data->ArgIndex;
410 if (!Data->AttrLoc.isInvalid())
411 Diag(Data->AttrLoc, DL_Note, "nonnull attribute specified here");
412 }
413
__ubsan_handle_nonnull_arg(NonNullArgData * Data)414 void __ubsan::__ubsan_handle_nonnull_arg(NonNullArgData *Data) {
415 GET_REPORT_OPTIONS(false);
416 handleNonNullArg(Data, Opts);
417 }
418
__ubsan_handle_nonnull_arg_abort(NonNullArgData * Data)419 void __ubsan::__ubsan_handle_nonnull_arg_abort(NonNullArgData *Data) {
420 GET_REPORT_OPTIONS(true);
421 handleNonNullArg(Data, Opts);
422 Die();
423 }
424
425 #endif // CAN_SANITIZE_UB
426