1 //===-- ubsan_handlers.cc -------------------------------------------------===//
3 // The LLVM Compiler Infrastructure
5 // This file is distributed under the University of Illinois Open Source
6 // License. See LICENSE.TXT for details.
8 //===----------------------------------------------------------------------===//
10 // Error logging entry points for the UBSan runtime.
12 //===----------------------------------------------------------------------===//
14 #include "ubsan_platform.h"
16 #include "ubsan_handlers.h"
17 #include "ubsan_diag.h"
19 #include "sanitizer_common/sanitizer_common.h"
21 using namespace __sanitizer;
22 using namespace __ubsan;
24 static bool ignoreReport(SourceLocation SLoc, ReportOptions Opts) {
25 // If source location is already acquired, we don't need to print an error
26 // report for the second time. However, if we're in an unrecoverable handler,
27 // it's possible that location was required by concurrently running thread.
28 // In this case, we should continue the execution to ensure that any of
29 // threads will grab the report mutex and print the report before
30 // crashing the program.
31 return SLoc.isDisabled() && !Opts.DieAfterReport;
35 const char *TypeCheckKinds[] = {
36 "load of", "store to", "reference binding to", "member access within",
37 "member call on", "constructor call on", "downcast of", "downcast of",
38 "upcast of", "cast to virtual base of"};
41 static void handleTypeMismatchImpl(TypeMismatchData *Data, ValueHandle Pointer,
43 Location Loc = Data->Loc.acquire();
44 // Use the SourceLocation from Data to track deduplication, even if 'invalid'
45 if (ignoreReport(Loc.getSourceLocation(), Opts))
48 SymbolizedStackHolder FallbackLoc;
49 if (Data->Loc.isInvalid()) {
50 FallbackLoc.reset(getCallerLocation(Opts.pc));
54 ScopedReport R(Opts, Loc);
57 Diag(Loc, DL_Error, "%0 null pointer of type %1")
58 << TypeCheckKinds[Data->TypeCheckKind] << Data->Type;
59 else if (Data->Alignment && (Pointer & (Data->Alignment - 1)))
60 Diag(Loc, DL_Error, "%0 misaligned address %1 for type %3, "
61 "which requires %2 byte alignment")
62 << TypeCheckKinds[Data->TypeCheckKind] << (void*)Pointer
63 << Data->Alignment << Data->Type;
65 Diag(Loc, DL_Error, "%0 address %1 with insufficient space "
66 "for an object of type %2")
67 << TypeCheckKinds[Data->TypeCheckKind] << (void*)Pointer << Data->Type;
69 Diag(Pointer, DL_Note, "pointer points here");
72 void __ubsan::__ubsan_handle_type_mismatch(TypeMismatchData *Data,
73 ValueHandle Pointer) {
74 GET_REPORT_OPTIONS(false);
75 handleTypeMismatchImpl(Data, Pointer, Opts);
77 void __ubsan::__ubsan_handle_type_mismatch_abort(TypeMismatchData *Data,
78 ValueHandle Pointer) {
79 GET_REPORT_OPTIONS(true);
80 handleTypeMismatchImpl(Data, Pointer, Opts);
84 /// \brief Common diagnostic emission for various forms of integer overflow.
86 static void handleIntegerOverflowImpl(OverflowData *Data, ValueHandle LHS,
87 const char *Operator, T RHS,
89 SourceLocation Loc = Data->Loc.acquire();
90 if (ignoreReport(Loc, Opts))
93 ScopedReport R(Opts, Loc);
95 Diag(Loc, DL_Error, "%0 integer overflow: "
96 "%1 %2 %3 cannot be represented in type %4")
97 << (Data->Type.isSignedIntegerTy() ? "signed" : "unsigned")
98 << Value(Data->Type, LHS) << Operator << RHS << Data->Type;
101 #define UBSAN_OVERFLOW_HANDLER(handler_name, op, abort) \
102 void __ubsan::handler_name(OverflowData *Data, ValueHandle LHS, \
104 GET_REPORT_OPTIONS(abort); \
105 handleIntegerOverflowImpl(Data, LHS, op, Value(Data->Type, RHS), Opts); \
109 UBSAN_OVERFLOW_HANDLER(__ubsan_handle_add_overflow, "+", false)
110 UBSAN_OVERFLOW_HANDLER(__ubsan_handle_add_overflow_abort, "+", true)
111 UBSAN_OVERFLOW_HANDLER(__ubsan_handle_sub_overflow, "-", false)
112 UBSAN_OVERFLOW_HANDLER(__ubsan_handle_sub_overflow_abort, "-", true)
113 UBSAN_OVERFLOW_HANDLER(__ubsan_handle_mul_overflow, "*", false)
114 UBSAN_OVERFLOW_HANDLER(__ubsan_handle_mul_overflow_abort, "*", true)
116 static void handleNegateOverflowImpl(OverflowData *Data, ValueHandle OldVal,
117 ReportOptions Opts) {
118 SourceLocation Loc = Data->Loc.acquire();
119 if (ignoreReport(Loc, Opts))
122 ScopedReport R(Opts, Loc);
124 if (Data->Type.isSignedIntegerTy())
126 "negation of %0 cannot be represented in type %1; "
127 "cast to an unsigned type to negate this value to itself")
128 << Value(Data->Type, OldVal) << Data->Type;
131 "negation of %0 cannot be represented in type %1")
132 << Value(Data->Type, OldVal) << Data->Type;
135 void __ubsan::__ubsan_handle_negate_overflow(OverflowData *Data,
136 ValueHandle OldVal) {
137 GET_REPORT_OPTIONS(false);
138 handleNegateOverflowImpl(Data, OldVal, Opts);
140 void __ubsan::__ubsan_handle_negate_overflow_abort(OverflowData *Data,
141 ValueHandle OldVal) {
142 GET_REPORT_OPTIONS(true);
143 handleNegateOverflowImpl(Data, OldVal, Opts);
147 static void handleDivremOverflowImpl(OverflowData *Data, ValueHandle LHS,
148 ValueHandle RHS, ReportOptions Opts) {
149 SourceLocation Loc = Data->Loc.acquire();
150 if (ignoreReport(Loc, Opts))
153 ScopedReport R(Opts, Loc);
155 Value LHSVal(Data->Type, LHS);
156 Value RHSVal(Data->Type, RHS);
157 if (RHSVal.isMinusOne())
159 "division of %0 by -1 cannot be represented in type %1")
160 << LHSVal << Data->Type;
162 Diag(Loc, DL_Error, "division by zero");
165 void __ubsan::__ubsan_handle_divrem_overflow(OverflowData *Data,
166 ValueHandle LHS, ValueHandle RHS) {
167 GET_REPORT_OPTIONS(false);
168 handleDivremOverflowImpl(Data, LHS, RHS, Opts);
170 void __ubsan::__ubsan_handle_divrem_overflow_abort(OverflowData *Data,
173 GET_REPORT_OPTIONS(true);
174 handleDivremOverflowImpl(Data, LHS, RHS, Opts);
178 static void handleShiftOutOfBoundsImpl(ShiftOutOfBoundsData *Data,
179 ValueHandle LHS, ValueHandle RHS,
180 ReportOptions Opts) {
181 SourceLocation Loc = Data->Loc.acquire();
182 if (ignoreReport(Loc, Opts))
185 ScopedReport R(Opts, Loc);
187 Value LHSVal(Data->LHSType, LHS);
188 Value RHSVal(Data->RHSType, RHS);
189 if (RHSVal.isNegative())
190 Diag(Loc, DL_Error, "shift exponent %0 is negative") << RHSVal;
191 else if (RHSVal.getPositiveIntValue() >= Data->LHSType.getIntegerBitWidth())
193 "shift exponent %0 is too large for %1-bit type %2")
194 << RHSVal << Data->LHSType.getIntegerBitWidth() << Data->LHSType;
195 else if (LHSVal.isNegative())
196 Diag(Loc, DL_Error, "left shift of negative value %0") << LHSVal;
199 "left shift of %0 by %1 places cannot be represented in type %2")
200 << LHSVal << RHSVal << Data->LHSType;
203 void __ubsan::__ubsan_handle_shift_out_of_bounds(ShiftOutOfBoundsData *Data,
206 GET_REPORT_OPTIONS(false);
207 handleShiftOutOfBoundsImpl(Data, LHS, RHS, Opts);
209 void __ubsan::__ubsan_handle_shift_out_of_bounds_abort(
210 ShiftOutOfBoundsData *Data,
213 GET_REPORT_OPTIONS(true);
214 handleShiftOutOfBoundsImpl(Data, LHS, RHS, Opts);
218 static void handleOutOfBoundsImpl(OutOfBoundsData *Data, ValueHandle Index,
219 ReportOptions Opts) {
220 SourceLocation Loc = Data->Loc.acquire();
221 if (ignoreReport(Loc, Opts))
224 ScopedReport R(Opts, Loc);
226 Value IndexVal(Data->IndexType, Index);
227 Diag(Loc, DL_Error, "index %0 out of bounds for type %1")
228 << IndexVal << Data->ArrayType;
231 void __ubsan::__ubsan_handle_out_of_bounds(OutOfBoundsData *Data,
233 GET_REPORT_OPTIONS(false);
234 handleOutOfBoundsImpl(Data, Index, Opts);
236 void __ubsan::__ubsan_handle_out_of_bounds_abort(OutOfBoundsData *Data,
238 GET_REPORT_OPTIONS(true);
239 handleOutOfBoundsImpl(Data, Index, Opts);
243 static void handleBuiltinUnreachableImpl(UnreachableData *Data,
244 ReportOptions Opts) {
245 ScopedReport R(Opts, Data->Loc);
246 Diag(Data->Loc, DL_Error, "execution reached a __builtin_unreachable() call");
249 void __ubsan::__ubsan_handle_builtin_unreachable(UnreachableData *Data) {
250 GET_REPORT_OPTIONS(true);
251 handleBuiltinUnreachableImpl(Data, Opts);
255 static void handleMissingReturnImpl(UnreachableData *Data, ReportOptions Opts) {
256 ScopedReport R(Opts, Data->Loc);
257 Diag(Data->Loc, DL_Error,
258 "execution reached the end of a value-returning function "
259 "without returning a value");
262 void __ubsan::__ubsan_handle_missing_return(UnreachableData *Data) {
263 GET_REPORT_OPTIONS(true);
264 handleMissingReturnImpl(Data, Opts);
268 static void handleVLABoundNotPositive(VLABoundData *Data, ValueHandle Bound,
269 ReportOptions Opts) {
270 SourceLocation Loc = Data->Loc.acquire();
271 if (ignoreReport(Loc, Opts))
274 ScopedReport R(Opts, Loc);
276 Diag(Loc, DL_Error, "variable length array bound evaluates to "
277 "non-positive value %0")
278 << Value(Data->Type, Bound);
281 void __ubsan::__ubsan_handle_vla_bound_not_positive(VLABoundData *Data,
283 GET_REPORT_OPTIONS(false);
284 handleVLABoundNotPositive(Data, Bound, Opts);
286 void __ubsan::__ubsan_handle_vla_bound_not_positive_abort(VLABoundData *Data,
288 GET_REPORT_OPTIONS(true);
289 handleVLABoundNotPositive(Data, Bound, Opts);
293 static void handleFloatCastOverflow(FloatCastOverflowData *Data,
294 ValueHandle From, ReportOptions Opts) {
295 // TODO: Add deduplication once a SourceLocation is generated for this check.
296 SymbolizedStackHolder CallerLoc(getCallerLocation(Opts.pc));
297 Location Loc = CallerLoc;
298 ScopedReport R(Opts, Loc);
301 "value %0 is outside the range of representable values of type %2")
302 << Value(Data->FromType, From) << Data->FromType << Data->ToType;
305 void __ubsan::__ubsan_handle_float_cast_overflow(FloatCastOverflowData *Data,
307 GET_REPORT_OPTIONS(false);
308 handleFloatCastOverflow(Data, From, Opts);
311 __ubsan::__ubsan_handle_float_cast_overflow_abort(FloatCastOverflowData *Data,
313 GET_REPORT_OPTIONS(true);
314 handleFloatCastOverflow(Data, From, Opts);
318 static void handleLoadInvalidValue(InvalidValueData *Data, ValueHandle Val,
319 ReportOptions Opts) {
320 SourceLocation Loc = Data->Loc.acquire();
321 if (ignoreReport(Loc, Opts))
324 ScopedReport R(Opts, Loc);
327 "load of value %0, which is not a valid value for type %1")
328 << Value(Data->Type, Val) << Data->Type;
331 void __ubsan::__ubsan_handle_load_invalid_value(InvalidValueData *Data,
333 GET_REPORT_OPTIONS(false);
334 handleLoadInvalidValue(Data, Val, Opts);
336 void __ubsan::__ubsan_handle_load_invalid_value_abort(InvalidValueData *Data,
338 GET_REPORT_OPTIONS(true);
339 handleLoadInvalidValue(Data, Val, Opts);
343 static void handleFunctionTypeMismatch(FunctionTypeMismatchData *Data,
344 ValueHandle Function,
345 ReportOptions Opts) {
346 SourceLocation CallLoc = Data->Loc.acquire();
347 if (ignoreReport(CallLoc, Opts))
350 ScopedReport R(Opts, CallLoc);
352 SymbolizedStackHolder FLoc(getSymbolizedLocation(Function));
353 const char *FName = FLoc.get()->info.function;
357 Diag(CallLoc, DL_Error,
358 "call to function %0 through pointer to incorrect function type %1")
359 << FName << Data->Type;
360 Diag(FLoc, DL_Note, "%0 defined here") << FName;
364 __ubsan::__ubsan_handle_function_type_mismatch(FunctionTypeMismatchData *Data,
365 ValueHandle Function) {
366 GET_REPORT_OPTIONS(false);
367 handleFunctionTypeMismatch(Data, Function, Opts);
370 void __ubsan::__ubsan_handle_function_type_mismatch_abort(
371 FunctionTypeMismatchData *Data, ValueHandle Function) {
372 GET_REPORT_OPTIONS(true);
373 handleFunctionTypeMismatch(Data, Function, Opts);
377 static void handleNonNullReturn(NonNullReturnData *Data, ReportOptions Opts) {
378 SourceLocation Loc = Data->Loc.acquire();
379 if (ignoreReport(Loc, Opts))
382 ScopedReport R(Opts, Loc);
384 Diag(Loc, DL_Error, "null pointer returned from function declared to never "
386 if (!Data->AttrLoc.isInvalid())
387 Diag(Data->AttrLoc, DL_Note, "returns_nonnull attribute specified here");
390 void __ubsan::__ubsan_handle_nonnull_return(NonNullReturnData *Data) {
391 GET_REPORT_OPTIONS(false);
392 handleNonNullReturn(Data, Opts);
395 void __ubsan::__ubsan_handle_nonnull_return_abort(NonNullReturnData *Data) {
396 GET_REPORT_OPTIONS(true);
397 handleNonNullReturn(Data, Opts);
401 static void handleNonNullArg(NonNullArgData *Data, ReportOptions Opts) {
402 SourceLocation Loc = Data->Loc.acquire();
403 if (ignoreReport(Loc, Opts))
406 ScopedReport R(Opts, Loc);
408 Diag(Loc, DL_Error, "null pointer passed as argument %0, which is declared to "
409 "never be null") << Data->ArgIndex;
410 if (!Data->AttrLoc.isInvalid())
411 Diag(Data->AttrLoc, DL_Note, "nonnull attribute specified here");
414 void __ubsan::__ubsan_handle_nonnull_arg(NonNullArgData *Data) {
415 GET_REPORT_OPTIONS(false);
416 handleNonNullArg(Data, Opts);
419 void __ubsan::__ubsan_handle_nonnull_arg_abort(NonNullArgData *Data) {
420 GET_REPORT_OPTIONS(true);
421 handleNonNullArg(Data, Opts);
425 #endif // CAN_SANITIZE_UB