On Mon, Oct 13, 2014 at 02:47:07PM +0400, Yury Gribov wrote:
> On 09/30/2014 09:39 PM, Jakub Jelinek wrote:
> >LGTM, will hack it up soon in GCC then.
>
> Do you plan to work on this in near future?
Here is only very lightly tested patch, didn't get to updating
documentation though, plus there is no testsuite coverage for it.
Supposedly, most of the tests that use -fno-sanitize-recover
or -fsanitize-recover in dg-options should be changed to use
-fno-sanitize-recover= or -fsanitize-recover (in some cases for
the kind that is enabled with -fsanitize= only, in other cases
perhaps for something covering that and some other options),
plus perhaps some new smallish tests that test that if you e.g.
do -fsanitize=undefined -fno-sanitize-recover=divide , that
you can recover from several say out of bound shifts, but that
the first divide will terminate, etc.
Yuri or Marek, would you have spare time for that?
There is one not so nice thing, if one requests e.g.
-fsanitize=null,alignment -fno-sanitize-recover=null
-fsanitize-recover=alignment
(or vice versa), as a single call is used for both alignment and null
checks, if both are tested, it needs to pick something, the patch
right now picks recovery rather than abort if the two bits
in flag_sanitize_recover disagree. In theory, we could in that case
just use two separate calls rather than sharing one call, doing the
check and conditional branch to *_abort () first and if that wasn't true,
do the other check.
Also, the patch enables -fsanitize-recover by default for
-fsanitize-recover=undefined,float-divide-by-zero,float-cast-overflow
but not for kernel-address and doesn't check
(flag_sanitize_recover & SANITIZE_KERNEL_ADDRESS) in asan.c, you'd
need to add that afterwards.
2014-10-17 Jakub Jelinek <ja...@redhat.com>
* common.opt (flag_sanitize_recover): New variable.
(fsanitize-recover): Remove Var/Init, deprecate.
(fsanitize-recover=): New option.
* opts.c (finish_options): Use opts->x_flag_sanitize
instead of flag_sanitize. Formatting.
(common_handle_option): Handle OPT_fsanitize_recover_
and OPT_fsanitize_recover. Use opts->x_flag_sanitize
instead of flag_sanitize.
* asan.c (pass_sanopt::execute): Fix up formatting.
* ubsan.c (ubsan_expand_bounds_ifn, ubsan_expand_null_ifn,
ubsan_expand_objsize_ifn, ubsan_build_overflow_builtin,
instrument_bool_enum_load, ubsan_instrument_float_cast,
instrument_nonnull_arg, instrument_nonnull_return): Check
bits in flag_sanitize_recover bitmask instead of
flag_sanitize_recover as bool flag.
c-family/
* c-ubsan.c (ubsan_instrument_division, ubsan_instrument_shift,
ubsan_instrument_vla): Check bits in flag_sanitize_recover bitmask
instead of flag_sanitize_recover as bool flag.
--- gcc/common.opt.jj 2014-10-17 08:47:21.000000000 +0200
+++ gcc/common.opt 2014-10-17 17:45:41.816337133 +0200
@@ -211,6 +211,10 @@ bool flag_opts_finished
Variable
unsigned int flag_sanitize
+; What sanitizers should recover from errors
+Variable
+unsigned int flag_sanitize_recover = SANITIZE_UNDEFINED | SANITIZE_NONDEFAULT
+
; Flag whether a prefix has been added to dump_base_name
Variable
bool dump_base_name_prefixed = false
@@ -879,10 +883,14 @@ fsanitize=
Common Driver Report Joined
Select what to sanitize
-fsanitize-recover
-Common Report Var(flag_sanitize_recover) Init(1)
+fsanitize-recover=
+Common Report Joined
After diagnosing undefined behavior attempt to continue execution
+fsanitize-recover
+Common Report
+This switch is deprecated; use -fsanitize-recover= instead
+
fsanitize-undefined-trap-on-error
Common Report Var(flag_sanitize_undefined_trap_on_error) Init(0)
Use trap instead of a library function for undefined behavior sanitization
--- gcc/opts.c.jj 2014-10-17 12:01:19.000000000 +0200
+++ gcc/opts.c 2014-10-17 17:17:38.620375035 +0200
@@ -879,17 +879,17 @@ finish_options (struct gcc_options *opts
/* Userspace and kernel ASan conflict with each other and with TSan. */
- if ((flag_sanitize & SANITIZE_USER_ADDRESS)
- && (flag_sanitize & SANITIZE_KERNEL_ADDRESS))
+ if ((opts->x_flag_sanitize & SANITIZE_USER_ADDRESS)
+ && (opts->x_flag_sanitize & SANITIZE_KERNEL_ADDRESS))
error_at (loc,
- "-fsanitize=address is incompatible with "
- "-fsanitize=kernel-address");
+ "-fsanitize=address is incompatible with "
+ "-fsanitize=kernel-address");
- if ((flag_sanitize & SANITIZE_ADDRESS)
- && (flag_sanitize & SANITIZE_THREAD))
+ if ((opts->x_flag_sanitize & SANITIZE_ADDRESS)
+ && (opts->x_flag_sanitize & SANITIZE_THREAD))
error_at (loc,
- "-fsanitize=address and -fsanitize=kernel-address "
- "are incompatible with -fsanitize=thread");
+ "-fsanitize=address and -fsanitize=kernel-address "
+ "are incompatible with -fsanitize=thread");
}
#define LEFT_COLUMN 27
@@ -1473,6 +1473,7 @@ common_handle_option (struct gcc_options
break;
case OPT_fsanitize_:
+ case OPT_fsanitize_recover_:
{
const char *p = arg;
while (*p != 0)
@@ -1539,33 +1540,48 @@ common_handle_option (struct gcc_options
&& memcmp (p, spec[i].name, len) == 0)
{
/* Handle both -fsanitize and -fno-sanitize cases. */
- if (value)
- flag_sanitize |= spec[i].flag;
+ if (code == OPT_fsanitize_)
+ {
+ if (value)
+ opts->x_flag_sanitize |= spec[i].flag;
+ else
+ opts->x_flag_sanitize &= ~spec[i].flag;
+ }
else
- flag_sanitize &= ~spec[i].flag;
+ {
+ if (value)
+ opts->x_flag_sanitize_recover |= spec[i].flag;
+ else
+ opts->x_flag_sanitize_recover &= ~spec[i].flag;
+ }
found = true;
break;
}
if (! found)
error_at (loc,
- "unrecognized argument to -fsanitize= option: %q.*s",
- (int) len, p);
+ code == OPT_fsanitize_
+ ? "unrecognized argument to -fsanitize= option: %q.*s"
+ : "unrecognized argument to -fsanitize-recover= "
+ "option: %q.*s", (int) len, p);
if (comma == NULL)
break;
p = comma + 1;
}
+ if (code != OPT_fsanitize_)
+ break;
+
/* When instrumenting the pointers, we don't want to remove
the null pointer checks. */
- if (flag_sanitize & (SANITIZE_NULL | SANITIZE_NONNULL_ATTRIBUTE
- | SANITIZE_RETURNS_NONNULL_ATTRIBUTE))
+ if (opts->x_flag_sanitize & (SANITIZE_NULL | SANITIZE_NONNULL_ATTRIBUTE
+ | SANITIZE_RETURNS_NONNULL_ATTRIBUTE))
opts->x_flag_delete_null_pointer_checks = 0;
/* Kernel ASan implies normal ASan but does not yet support
all features. */
- if (flag_sanitize & SANITIZE_KERNEL_ADDRESS)
+ if (opts->x_flag_sanitize & SANITIZE_KERNEL_ADDRESS)
{
maybe_set_param_value
(PARAM_ASAN_INSTRUMENTATION_WITH_CALL_THRESHOLD, 0,
opts->x_param_values,
@@ -1584,6 +1600,15 @@ common_handle_option (struct gcc_options
break;
}
+ case OPT_fsanitize_recover:
+ if (value)
+ opts->x_flag_sanitize_recover
+ |= SANITIZE_UNDEFINED | SANITIZE_NONDEFAULT;
+ else
+ opts->x_flag_sanitize_recover
+ &= ~(SANITIZE_UNDEFINED | SANITIZE_NONDEFAULT);
+ break;
+
case OPT_O:
case OPT_Os:
case OPT_Ofast:
--- gcc/asan.c.jj 2014-10-13 17:54:34.000000000 +0200
+++ gcc/asan.c 2014-10-17 17:46:20.952620580 +0200
@@ -2884,10 +2884,8 @@ pass_sanopt::execute (function *fun)
no_next = ubsan_expand_objsize_ifn (&gsi);
break;
case IFN_ASAN_CHECK:
- {
- no_next = asan_expand_check_ifn (&gsi, use_calls);
- break;
- }
+ no_next = asan_expand_check_ifn (&gsi, use_calls);
+ break;
default:
break;
}
--- gcc/ubsan.c.jj 2014-10-10 19:42:22.000000000 +0200
+++ gcc/ubsan.c 2014-10-17 17:05:57.609330882 +0200
@@ -638,7 +638,7 @@ ubsan_expand_bounds_ifn (gimple_stmt_ite
NULL_TREE, NULL_TREE);
data = build_fold_addr_expr_loc (loc, data);
enum built_in_function bcode
- = flag_sanitize_recover
+ = (flag_sanitize_recover & SANITIZE_BOUNDS)
? BUILT_IN_UBSAN_HANDLE_OUT_OF_BOUNDS
: BUILT_IN_UBSAN_HANDLE_OUT_OF_BOUNDS_ABORT;
tree fn = builtin_decl_explicit (bcode);
@@ -741,7 +741,8 @@ ubsan_expand_null_ifn (gimple_stmt_itera
else
{
enum built_in_function bcode
- = flag_sanitize_recover
+ = (flag_sanitize_recover & ((check_align ? SANITIZE_ALIGNMENT : 0)
+ | (check_null ? SANITIZE_NULL : 0)))
? BUILT_IN_UBSAN_HANDLE_TYPE_MISMATCH
: BUILT_IN_UBSAN_HANDLE_TYPE_MISMATCH_ABORT;
tree fn = builtin_decl_implicit (bcode);
@@ -879,7 +880,7 @@ ubsan_expand_objsize_ifn (gimple_stmt_it
NULL_TREE);
data = build_fold_addr_expr_loc (loc, data);
enum built_in_function bcode
- = flag_sanitize_recover
+ = (flag_sanitize_recover & SANITIZE_OBJECT_SIZE)
? BUILT_IN_UBSAN_HANDLE_TYPE_MISMATCH
: BUILT_IN_UBSAN_HANDLE_TYPE_MISMATCH_ABORT;
tree p = make_ssa_name (pointer_sized_int_node, NULL);
@@ -964,22 +965,22 @@ ubsan_build_overflow_builtin (tree_code
switch (code)
{
case PLUS_EXPR:
- fn_code = flag_sanitize_recover
+ fn_code = (flag_sanitize_recover & SANITIZE_SI_OVERFLOW)
? BUILT_IN_UBSAN_HANDLE_ADD_OVERFLOW
: BUILT_IN_UBSAN_HANDLE_ADD_OVERFLOW_ABORT;
break;
case MINUS_EXPR:
- fn_code = flag_sanitize_recover
+ fn_code = (flag_sanitize_recover & SANITIZE_SI_OVERFLOW)
? BUILT_IN_UBSAN_HANDLE_SUB_OVERFLOW
: BUILT_IN_UBSAN_HANDLE_SUB_OVERFLOW_ABORT;
break;
case MULT_EXPR:
- fn_code = flag_sanitize_recover
+ fn_code = (flag_sanitize_recover & SANITIZE_SI_OVERFLOW)
? BUILT_IN_UBSAN_HANDLE_MUL_OVERFLOW
: BUILT_IN_UBSAN_HANDLE_MUL_OVERFLOW_ABORT;
break;
case NEGATE_EXPR:
- fn_code = flag_sanitize_recover
+ fn_code = (flag_sanitize_recover & SANITIZE_SI_OVERFLOW)
? BUILT_IN_UBSAN_HANDLE_NEGATE_OVERFLOW
: BUILT_IN_UBSAN_HANDLE_NEGATE_OVERFLOW_ABORT;
break;
@@ -1156,7 +1157,8 @@ instrument_bool_enum_load (gimple_stmt_i
NULL_TREE);
data = build_fold_addr_expr_loc (loc, data);
enum built_in_function bcode
- = flag_sanitize_recover
+ = (flag_sanitize_recover & (TREE_CODE (type) == BOOLEAN_TYPE
+ ? SANITIZE_BOOL : SANITIZE_ENUM))
? BUILT_IN_UBSAN_HANDLE_LOAD_INVALID_VALUE
: BUILT_IN_UBSAN_HANDLE_LOAD_INVALID_VALUE_ABORT;
tree fn = builtin_decl_explicit (bcode);
@@ -1278,7 +1280,7 @@ ubsan_instrument_float_cast (location_t
ubsan_type_descriptor (type), NULL_TREE,
NULL_TREE);
enum built_in_function bcode
- = flag_sanitize_recover
+ = (flag_sanitize_recover & SANITIZE_FLOAT_CAST)
? BUILT_IN_UBSAN_HANDLE_FLOAT_CAST_OVERFLOW
: BUILT_IN_UBSAN_HANDLE_FLOAT_CAST_OVERFLOW_ABORT;
fn = builtin_decl_explicit (bcode);
@@ -1344,7 +1346,7 @@ instrument_nonnull_arg (gimple_stmt_iter
NULL_TREE);
data = build_fold_addr_expr_loc (loc[0], data);
enum built_in_function bcode
- = flag_sanitize_recover
+ = (flag_sanitize_recover & SANITIZE_NONNULL_ATTRIBUTE)
? BUILT_IN_UBSAN_HANDLE_NONNULL_ARG
: BUILT_IN_UBSAN_HANDLE_NONNULL_ARG_ABORT;
tree fn = builtin_decl_explicit (bcode);
@@ -1396,7 +1398,7 @@ instrument_nonnull_return (gimple_stmt_i
2, loc, NULL_TREE, NULL_TREE);
data = build_fold_addr_expr_loc (loc[0], data);
enum built_in_function bcode
- = flag_sanitize_recover
+ = (flag_sanitize_recover & SANITIZE_RETURNS_NONNULL_ATTRIBUTE)
? BUILT_IN_UBSAN_HANDLE_NONNULL_RETURN
: BUILT_IN_UBSAN_HANDLE_NONNULL_RETURN_ABORT;
tree fn = builtin_decl_explicit (bcode);
--- gcc/c-family/c-ubsan.c.jj 2014-09-10 11:20:49.000000000 +0200
+++ gcc/c-family/c-ubsan.c 2014-10-17 17:13:14.393241619 +0200
@@ -104,7 +104,7 @@ ubsan_instrument_division (location_t lo
NULL_TREE);
data = build_fold_addr_expr_loc (loc, data);
enum built_in_function bcode
- = flag_sanitize_recover
+ = (flag_sanitize_recover & SANITIZE_DIVIDE)
? BUILT_IN_UBSAN_HANDLE_DIVREM_OVERFLOW
: BUILT_IN_UBSAN_HANDLE_DIVREM_OVERFLOW_ABORT;
tt = builtin_decl_explicit (bcode);
@@ -199,7 +199,7 @@ ubsan_instrument_shift (location_t loc,
data = build_fold_addr_expr_loc (loc, data);
enum built_in_function bcode
- = flag_sanitize_recover
+ = (flag_sanitize_recover & SANITIZE_SHIFT)
? BUILT_IN_UBSAN_HANDLE_SHIFT_OUT_OF_BOUNDS
: BUILT_IN_UBSAN_HANDLE_SHIFT_OUT_OF_BOUNDS_ABORT;
tt = builtin_decl_explicit (bcode);
@@ -229,7 +229,7 @@ ubsan_instrument_vla (location_t loc, tr
NULL_TREE);
data = build_fold_addr_expr_loc (loc, data);
enum built_in_function bcode
- = flag_sanitize_recover
+ = (flag_sanitize_recover & SANITIZE_VLA)
? BUILT_IN_UBSAN_HANDLE_VLA_BOUND_NOT_POSITIVE
: BUILT_IN_UBSAN_HANDLE_VLA_BOUND_NOT_POSITIVE_ABORT;
tt = builtin_decl_explicit (bcode);
Jakub
