[llvm-branch-commits] [clang] Revert "[LinkerWrapper] Extend with usual pass options (#96704)" (#102226) (PR #106439)
https://github.com/haoNoQ milestoned https://github.com/llvm/llvm-project/pull/106439 ___ llvm-branch-commits mailing list llvm-branch-commits@lists.llvm.org https://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-branch-commits
[llvm-branch-commits] [clang] Revert "[LinkerWrapper] Extend with usual pass options (#96704)" (#102226) (PR #106439)
https://github.com/haoNoQ created
https://github.com/llvm/llvm-project/pull/106439
This reverts commit 90ccf2187332ff900d46a58a27cb0353577d37cb.
Cherry picked from commit 030ee841a9c9fbbd6e7c001e751737381da01f7b.
Conflicts:
clang/test/Driver/linker-wrapper-passes.c
>From 5e343fa7c1bef713f367afafbfe25e114c8f86d5 Mon Sep 17 00:00:00 2001
From: Joseph Huber
Date: Tue, 6 Aug 2024 21:33:25 -0500
Subject: [PATCH] Revert "[LinkerWrapper] Extend with usual pass options
(#96704)" (#102226)
This reverts commit 90ccf2187332ff900d46a58a27cb0353577d37cb.
Fixes: https://github.com/llvm/llvm-project/issues/100212
(cherry picked from commit 030ee841a9c9fbbd6e7c001e751737381da01f7b)
Conflicts:
clang/test/Driver/linker-wrapper-passes.c
---
clang/test/Driver/linker-wrapper-passes.c | 71 ---
clang/test/lit.cfg.py | 12
clang/test/lit.site.cfg.py.in | 4 --
3 files changed, 87 deletions(-)
delete mode 100644 clang/test/Driver/linker-wrapper-passes.c
diff --git a/clang/test/Driver/linker-wrapper-passes.c
b/clang/test/Driver/linker-wrapper-passes.c
deleted file mode 100644
index b257c942afa075..00
--- a/clang/test/Driver/linker-wrapper-passes.c
+++ /dev/null
@@ -1,71 +0,0 @@
-// Check various clang-linker-wrapper pass options after -offload-opt.
-
-// REQUIRES: llvm-plugins, llvm-examples
-// REQUIRES: x86-registered-target
-// REQUIRES: amdgpu-registered-target
-// Setup.
-// RUN: mkdir -p %t
-// RUN: %clang -cc1 -emit-llvm-bc -o %t/host-x86_64-unknown-linux-gnu.bc \
-// RUN: -disable-O0-optnone -triple=x86_64-unknown-linux-gnu %s
-// RUN: %clang -cc1 -emit-llvm-bc -o %t/openmp-amdgcn-amd-amdhsa.bc \
-// RUN: -disable-O0-optnone -triple=amdgcn-amd-amdhsa %s
-// RUN: opt %t/openmp-amdgcn-amd-amdhsa.bc -o %t/openmp-amdgcn-amd-amdhsa.bc \
-// RUN: -passes=forceattrs -force-remove-attribute=f:noinline
-// RUN: clang-offload-packager -o %t/openmp-x86_64-unknown-linux-gnu.out \
-// RUN:
--image=file=%t/openmp-amdgcn-amd-amdhsa.bc,triple=amdgcn-amd-amdhsa
-// RUN: %clang -cc1 -S -o %t/host-x86_64-unknown-linux-gnu.s \
-// RUN: -fopenmp -fopenmp-targets=amdgcn-amd-amdhsa \
-// RUN: -fembed-offload-object=%t/openmp-x86_64-unknown-linux-gnu.out \
-// RUN: %t/host-x86_64-unknown-linux-gnu.bc
-// RUN: %clang -cc1as -o %t/host-x86_64-unknown-linux-gnu.o \
-// RUN: -triple x86_64-unknown-linux-gnu -filetype obj -target-cpu x86-64 \
-// RUN: %t/host-x86_64-unknown-linux-gnu.s
-
-// Check plugin, -passes, and no remarks.
-// RUN: clang-linker-wrapper -o a.out --embed-bitcode \
-// RUN: --linker-path=/usr/bin/true %t/host-x86_64-unknown-linux-gnu.o \
-// RUN: %offload-opt-loadbye --offload-opt=-wave-goodbye \
-// RUN: --offload-opt=-passes="function(goodbye),module(inline)" 2>&1 | \
-// RUN: FileCheck -match-full-lines -check-prefixes=OUT %s
-
-// Check plugin, -p, and remarks.
-// RUN: clang-linker-wrapper -o a.out --embed-bitcode \
-// RUN: --linker-path=/usr/bin/true %t/host-x86_64-unknown-linux-gnu.o \
-// RUN: %offload-opt-loadbye --offload-opt=-wave-goodbye \
-// RUN: --offload-opt=-p="function(goodbye),module(inline)" \
-// RUN: --offload-opt=-pass-remarks=inline \
-// RUN: --offload-opt=-pass-remarks-output=%t/remarks.yml \
-// RUN: --offload-opt=-pass-remarks-filter=inline \
-// RUN: --offload-opt=-pass-remarks-format=yaml 2>&1 | \
-// RUN: FileCheck -match-full-lines -check-prefixes=OUT,REM %s
-// RUN: FileCheck -input-file=%t/remarks.yml -match-full-lines \
-// RUN: -check-prefixes=YML %s
-
-// Check handling of bad plugin.
-// RUN: not clang-linker-wrapper \
-// RUN: --offload-opt=-load-pass-plugin=%t/nonexistent.so 2>&1 | \
-// RUN: FileCheck -match-full-lines -check-prefixes=BAD-PLUGIN %s
-
-// OUT-NOT: {{.}}
-// OUT: Bye: f
-// OUT-NEXT: Bye: test
-// REM-NEXT: remark: {{.*}} 'f' inlined into 'test' {{.*}}
-// OUT-NOT: {{.}}
-
-// YML-NOT: {{.}}
-// YML: --- !Passed
-// YML-NEXT: Pass: inline
-// YML-NEXT: Name: Inlined
-// YML-NEXT: Function: test
-// YML-NEXT: Args:
-// YML: - Callee: f
-// YML: - Caller: test
-// YML: ...
-// YML-NOT: {{.}}
-
-// BAD-PLUGIN-NOT: {{.}}
-// BAD-PLUGIN: {{.*}}Could not load library {{.*}}nonexistent.so{{.*}}
-// BAD-PLUGIN-NOT: {{.}}
-
-void f() {}
-void test() { f(); }
diff --git a/clang/test/lit.cfg.py b/clang/test/lit.cfg.py
index 2bd7501136a10e..92a3361ce672e2 100644
--- a/clang/test/lit.cfg.py
+++ b/clang/test/lit.cfg.py
@@ -110,15 +110,6 @@
if config.clang_examples:
config.available_features.add("examples")
-if config.llvm_examples:
-config.available_features.add("llvm-examples")
-
-if config.llvm_linked_bye_extension:
-config.substitutions.append(("%offload-opt-loadbye", ""))
-else:
-loadbye =
f"-load-pass-plugin={config.llvm_shlib_dir}/Bye{config.llvm_shlib_ext}"
-config.substitutions.append(("%offload-opt-loadbye",
f"--offload-opt={loadby
[llvm-branch-commits] [clang] Revert "[LinkerWrapper] Extend with usual pass options (#96704)" (#102226) (PR #106439)
https://github.com/haoNoQ edited https://github.com/llvm/llvm-project/pull/106439 ___ llvm-branch-commits mailing list llvm-branch-commits@lists.llvm.org https://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-branch-commits
[llvm-branch-commits] [clang] Revert "[LinkerWrapper] Extend with usual pass options (#96704)" (#102226) (PR #106439)
haoNoQ wrote: (According to the discussion in 102226, this patch was never supposed to be in the release branch.) https://github.com/llvm/llvm-project/pull/106439 ___ llvm-branch-commits mailing list llvm-branch-commits@lists.llvm.org https://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-branch-commits
[llvm-branch-commits] [clang] d2ddc69 - Revert "Revert "[analyzer] NFC: Move path diagnostic consumer implementations to libAnalysis.""
Author: Artem Dergachev
Date: 2021-01-07T00:28:22-08:00
New Revision: d2ddc694ff94743d9735aaf07edcaf6db8aaca04
URL:
https://github.com/llvm/llvm-project/commit/d2ddc694ff94743d9735aaf07edcaf6db8aaca04
DIFF:
https://github.com/llvm/llvm-project/commit/d2ddc694ff94743d9735aaf07edcaf6db8aaca04.diff
LOG: Revert "Revert "[analyzer] NFC: Move path diagnostic consumer
implementations to libAnalysis.""
This reverts commit 5663bf201f5c444d6fb56fb1bd471bc53c17d837.
The cyclic dependency problem is addressed now.
This is the ~fifth attempt to land this change.
Added:
clang/include/clang/Analysis/CrossTUAnalysisHelper.h
clang/include/clang/Analysis/PathDiagnosticConsumers.def
clang/include/clang/Analysis/PathDiagnosticConsumers.h
clang/lib/Analysis/HTMLPathDiagnosticConsumer.cpp
clang/lib/Analysis/PlistHTMLPathDiagnosticConsumer.cpp
clang/lib/Analysis/PlistPathDiagnosticConsumer.cpp
clang/lib/Analysis/SarifPathDiagnosticConsumer.cpp
clang/lib/Analysis/TextPathDiagnosticConsumer.cpp
Modified:
clang/include/clang/CrossTU/CrossTranslationUnit.h
clang/include/clang/StaticAnalyzer/Core/Analyses.def
clang/include/clang/StaticAnalyzer/Core/AnalyzerOptions.h
clang/include/clang/StaticAnalyzer/Core/PathSensitive/AnalysisManager.h
clang/include/clang/module.modulemap
clang/lib/Analysis/CMakeLists.txt
clang/lib/CrossTU/CrossTranslationUnit.cpp
clang/lib/Frontend/CompilerInvocation.cpp
clang/lib/StaticAnalyzer/Core/CMakeLists.txt
clang/lib/StaticAnalyzer/Frontend/AnalysisConsumer.cpp
Removed:
clang/include/clang/StaticAnalyzer/Core/PathDiagnosticConsumers.h
clang/lib/StaticAnalyzer/Core/HTMLDiagnostics.cpp
clang/lib/StaticAnalyzer/Core/PlistDiagnostics.cpp
clang/lib/StaticAnalyzer/Core/SarifDiagnostics.cpp
clang/lib/StaticAnalyzer/Core/TextDiagnostics.cpp
diff --git a/clang/include/clang/Analysis/CrossTUAnalysisHelper.h
b/clang/include/clang/Analysis/CrossTUAnalysisHelper.h
new file mode 100644
index ..500e78ddedcf
--- /dev/null
+++ b/clang/include/clang/Analysis/CrossTUAnalysisHelper.h
@@ -0,0 +1,41 @@
+//===- CrossTUAnalysisHelper.h - Abstraction layer for CTU --*- C++
-*-===//
+//
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM
Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+//
+//===--===//
+#ifndef LLVM_CLANG_ANALYSIS_CROSS_TU_HELPER_H
+#define LLVM_CLANG_ANALYSIS_CROSS_TU_HELPER_H
+
+#include "llvm/ADT/Optional.h"
+#include "clang/Basic/SourceManager.h"
+
+namespace clang {
+
+class ASTUnit;
+
+/// This class is an abstract interface acting as a bridge between
+/// an analysis that requires lookups across translation units (a user
+/// of that interface) and the facility that implements such lookups
+/// (an implementation of that interface). This is useful to break direct
+/// link-time dependencies between the (possibly shared) libraries in which
+/// the user and the implementation live.
+class CrossTUAnalysisHelper {
+public:
+ /// Determine the original source location in the original TU for an
+ /// imported source location.
+ /// \p ToLoc Source location in the imported-to AST.
+ /// \return Source location in the imported-from AST and the corresponding
+ /// ASTUnit object (the AST was loaded from a file using an internal ASTUnit
+ /// object that is returned here).
+ /// If any error happens (ToLoc is a non-imported source location) empty is
+ /// returned.
+ virtual llvm::Optional>
+ getImportedFromSourceLocationWithPreprocessor(SourceLocation ToLoc) const =
0;
+
+ virtual ~CrossTUAnalysisHelper() {}
+};
+} // namespace clang
+
+#endif // LLVM_CLANG_ANALYSIS_CROSS_TU_HELPER_H
diff --git a/clang/include/clang/Analysis/PathDiagnosticConsumers.def
b/clang/include/clang/Analysis/PathDiagnosticConsumers.def
new file mode 100644
index ..33d2072fcf31
--- /dev/null
+++ b/clang/include/clang/Analysis/PathDiagnosticConsumers.def
@@ -0,0 +1,50 @@
+//===-- PathDiagnosticConsumers.def - Visualizing warnings --*- C++
-*-===//
+//
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM
Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+//
+//===--===//
+//
+// This file defines the set of path diagnostic consumers - objects that
+// implement
diff erent representations of static analysis results.
+//
+//===--===//
+
+#ifndef ANALYSIS_DIAGNOSTICS
+#define ANALYSIS_DIAGNOSTICS(NAME, CMDFLAG, DESC, CREATEFN)
+#endif
+
+ANALYSIS_DIAGNOSTICS(HTML, "html", "Output analysis results using HTML",
[llvm-branch-commits] [clang] 6b0ee02 - Revert "Revert "Revert "Revert "[analyzer] NFC: Move path diagnostic consumer implementations to libAnalysis.""""
Author: Artem Dergachev
Date: 2021-01-07T20:22:22-08:00
New Revision: 6b0ee02747ed22d41e175d15f27025183341e6f8
URL:
https://github.com/llvm/llvm-project/commit/6b0ee02747ed22d41e175d15f27025183341e6f8
DIFF:
https://github.com/llvm/llvm-project/commit/6b0ee02747ed22d41e175d15f27025183341e6f8.diff
LOG: Revert "Revert "Revert "Revert "[analyzer] NFC: Move path diagnostic
consumer implementations to libAnalysis.
This reverts commit b12f26733a4259c90e5f387aceb9f23c35e003b8.
Fix dead include that looked like another missed circular dependency.
Added:
clang/include/clang/Analysis/CrossTUAnalysisHelper.h
clang/include/clang/Analysis/PathDiagnosticConsumers.def
clang/include/clang/Analysis/PathDiagnosticConsumers.h
clang/lib/Analysis/HTMLPathDiagnosticConsumer.cpp
clang/lib/Analysis/PlistHTMLPathDiagnosticConsumer.cpp
clang/lib/Analysis/PlistPathDiagnosticConsumer.cpp
clang/lib/Analysis/SarifPathDiagnosticConsumer.cpp
clang/lib/Analysis/TextPathDiagnosticConsumer.cpp
Modified:
clang/include/clang/CrossTU/CrossTranslationUnit.h
clang/include/clang/StaticAnalyzer/Core/Analyses.def
clang/include/clang/StaticAnalyzer/Core/AnalyzerOptions.h
clang/include/clang/StaticAnalyzer/Core/PathSensitive/AnalysisManager.h
clang/include/clang/module.modulemap
clang/lib/Analysis/CMakeLists.txt
clang/lib/CrossTU/CrossTranslationUnit.cpp
clang/lib/Frontend/CompilerInvocation.cpp
clang/lib/StaticAnalyzer/Core/CMakeLists.txt
clang/lib/StaticAnalyzer/Frontend/AnalysisConsumer.cpp
Removed:
clang/include/clang/StaticAnalyzer/Core/PathDiagnosticConsumers.h
clang/lib/StaticAnalyzer/Core/HTMLDiagnostics.cpp
clang/lib/StaticAnalyzer/Core/PlistDiagnostics.cpp
clang/lib/StaticAnalyzer/Core/SarifDiagnostics.cpp
clang/lib/StaticAnalyzer/Core/TextDiagnostics.cpp
diff --git a/clang/include/clang/Analysis/CrossTUAnalysisHelper.h
b/clang/include/clang/Analysis/CrossTUAnalysisHelper.h
new file mode 100644
index ..500e78ddedcf
--- /dev/null
+++ b/clang/include/clang/Analysis/CrossTUAnalysisHelper.h
@@ -0,0 +1,41 @@
+//===- CrossTUAnalysisHelper.h - Abstraction layer for CTU --*- C++
-*-===//
+//
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM
Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+//
+//===--===//
+#ifndef LLVM_CLANG_ANALYSIS_CROSS_TU_HELPER_H
+#define LLVM_CLANG_ANALYSIS_CROSS_TU_HELPER_H
+
+#include "llvm/ADT/Optional.h"
+#include "clang/Basic/SourceManager.h"
+
+namespace clang {
+
+class ASTUnit;
+
+/// This class is an abstract interface acting as a bridge between
+/// an analysis that requires lookups across translation units (a user
+/// of that interface) and the facility that implements such lookups
+/// (an implementation of that interface). This is useful to break direct
+/// link-time dependencies between the (possibly shared) libraries in which
+/// the user and the implementation live.
+class CrossTUAnalysisHelper {
+public:
+ /// Determine the original source location in the original TU for an
+ /// imported source location.
+ /// \p ToLoc Source location in the imported-to AST.
+ /// \return Source location in the imported-from AST and the corresponding
+ /// ASTUnit object (the AST was loaded from a file using an internal ASTUnit
+ /// object that is returned here).
+ /// If any error happens (ToLoc is a non-imported source location) empty is
+ /// returned.
+ virtual llvm::Optional>
+ getImportedFromSourceLocationWithPreprocessor(SourceLocation ToLoc) const =
0;
+
+ virtual ~CrossTUAnalysisHelper() {}
+};
+} // namespace clang
+
+#endif // LLVM_CLANG_ANALYSIS_CROSS_TU_HELPER_H
diff --git a/clang/include/clang/Analysis/PathDiagnosticConsumers.def
b/clang/include/clang/Analysis/PathDiagnosticConsumers.def
new file mode 100644
index ..33d2072fcf31
--- /dev/null
+++ b/clang/include/clang/Analysis/PathDiagnosticConsumers.def
@@ -0,0 +1,50 @@
+//===-- PathDiagnosticConsumers.def - Visualizing warnings --*- C++
-*-===//
+//
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM
Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+//
+//===--===//
+//
+// This file defines the set of path diagnostic consumers - objects that
+// implement
diff erent representations of static analysis results.
+//
+//===--===//
+
+#ifndef ANALYSIS_DIAGNOSTICS
+#define ANALYSIS_DIAGNOSTICS(NAME, CMDFLAG, DESC, CREATEFN)
+#endif
+
+ANALYSIS_DIAGNOSTICS(HTML, "html", "Output analysis results using HTML",
+
[llvm-branch-commits] [clang] c163aae - [attributes] Add a facility for enforcing a Trusted Computing Base.
Author: Artem Dergachev
Date: 2021-01-11T06:39:42-08:00
New Revision: c163aae45ef6b7f3bd99601195d3ce4aad5850c6
URL:
https://github.com/llvm/llvm-project/commit/c163aae45ef6b7f3bd99601195d3ce4aad5850c6
DIFF:
https://github.com/llvm/llvm-project/commit/c163aae45ef6b7f3bd99601195d3ce4aad5850c6.diff
LOG: [attributes] Add a facility for enforcing a Trusted Computing Base.
Introduce a function attribute 'enforce_tcb' that prevents the function
from calling other functions without the same attribute. This allows
isolating code that's considered to be somehow privileged so that it could not
use its privileges to exhibit arbitrary behavior.
Introduce an on-by-default warning '-Wtcb-enforcement' that warns
about violations of the above rule.
Introduce a function attribute 'enforce_tcb_leaf' that suppresses
the new warning within the function it is attached to. Such leaf functions
may implement common functionality between the trusted and the untrusted code
but they require extra careful audit with respect to their capabilities.
Differential Revision: https://reviews.llvm.org/D91898
Added:
clang/test/Sema/attr-enforce-tcb-errors.cpp
clang/test/Sema/attr-enforce-tcb.c
clang/test/Sema/attr-enforce-tcb.cpp
Modified:
clang/include/clang/Basic/Attr.td
clang/include/clang/Basic/AttrDocs.td
clang/include/clang/Basic/DiagnosticSemaKinds.td
clang/include/clang/Sema/Sema.h
clang/lib/Sema/SemaChecking.cpp
clang/lib/Sema/SemaDecl.cpp
clang/lib/Sema/SemaDeclAttr.cpp
Removed:
diff --git a/clang/include/clang/Basic/Attr.td
b/clang/include/clang/Basic/Attr.td
index 248409946123..c51e95fa6fa8 100644
--- a/clang/include/clang/Basic/Attr.td
+++ b/clang/include/clang/Basic/Attr.td
@@ -3653,3 +3653,19 @@ def Builtin : InheritableAttr {
let SemaHandler = 0;
let Documentation = [Undocumented];
}
+
+def EnforceTCB : InheritableAttr {
+ let Spellings = [Clang<"enforce_tcb">];
+ let Subjects = SubjectList<[Function]>;
+ let Args = [StringArgument<"TCBName">];
+ let Documentation = [EnforceTCBDocs];
+ bit InheritEvenIfAlreadyPresent = 1;
+}
+
+def EnforceTCBLeaf : InheritableAttr {
+ let Spellings = [Clang<"enforce_tcb_leaf">];
+ let Subjects = SubjectList<[Function]>;
+ let Args = [StringArgument<"TCBName">];
+ let Documentation = [EnforceTCBLeafDocs];
+ bit InheritEvenIfAlreadyPresent = 1;
+}
diff --git a/clang/include/clang/Basic/AttrDocs.td
b/clang/include/clang/Basic/AttrDocs.td
index 9cf0c59e07bb..fffede41db1e 100644
--- a/clang/include/clang/Basic/AttrDocs.td
+++ b/clang/include/clang/Basic/AttrDocs.td
@@ -5725,3 +5725,28 @@ Attribute docs`_, and `the GCC Inline docs`_.
}];
let Heading = "always_inline, __force_inline";
}
+
+def EnforceTCBDocs : Documentation {
+ let Category = DocCatFunction;
+ let Content = [{
+ The ``enforce_tcb`` attribute can be placed on functions to enforce that a
+ trusted compute base (TCB) does not call out of the TCB. This generates a
+ warning every time a function not marked with an ``enforce_tcb`` attribute is
+ called from a function with the ``enforce_tcb`` attribute. A function may be
a
+ part of multiple TCBs. Invocations through function pointers are currently
+ not checked. Builtins are considered to a part of every TCB.
+
+ - ``enforce_tcb(Name)`` indicates that this function is a part of the TCB
named ``Name``
+ }];
+}
+
+def EnforceTCBLeafDocs : Documentation {
+ let Category = DocCatFunction;
+ let Content = [{
+ The ``enforce_tcb_leaf`` attribute satisfies the requirement enforced by
+ ``enforce_tcb`` for the marked function to be in the named TCB but does not
+ continue to check the functions called from within the leaf function.
+
+ - ``enforce_tcb_leaf(Name)`` indicates that this function is a part of the
TCB named ``Name``
+ }];
+}
diff --git a/clang/include/clang/Basic/DiagnosticSemaKinds.td
b/clang/include/clang/Basic/DiagnosticSemaKinds.td
index 0405195912b2..c048fc89813f 100644
--- a/clang/include/clang/Basic/DiagnosticSemaKinds.td
+++ b/clang/include/clang/Basic/DiagnosticSemaKinds.td
@@ -6,4 +6,11 @@ def err_probability_not_constant_float : Error<
def err_probability_out_of_range : Error<
"probability argument to __builtin_expect_with_probability is outside the "
"range [0.0, 1.0]">;
+
+// TCB warnings
+def err_tcb_conflicting_attributes : Error<
+ "attributes '%0(\"%2\")' and '%1(\"%2\")' are mutually exclusive">;
+def warn_tcb_enforcement_violation : Warning<
+ "calling %0 is a violation of trusted computing base '%1'">,
+ InGroup>;
} // end of sema component.
diff --git a/clang/include/clang/Sema/Sema.h b/clang/include/clang/Sema/Sema.h
index 1d79e5716ef7..4de3b962c660 100644
--- a/clang/include/clang/Sema/Sema.h
+++ b/clang/include/clang/Sema/Sema.h
@@ -3210,6 +3210,9 @@ class Sema final {
Decl *D, const WebAssemblyImportNameAttr &AL);
WebAssemblyImportModule
[llvm-branch-commits] [clang] 35c9baa - [attributes] Add a facility for enforcing a Trusted Computing Base.
Author: Sean Dooher
Date: 2021-01-11T10:20:51-08:00
New Revision: 35c9baa11e4be6ae570674eec2de8bd928639b18
URL:
https://github.com/llvm/llvm-project/commit/35c9baa11e4be6ae570674eec2de8bd928639b18
DIFF:
https://github.com/llvm/llvm-project/commit/35c9baa11e4be6ae570674eec2de8bd928639b18.diff
LOG: [attributes] Add a facility for enforcing a Trusted Computing Base.
Introduce a function attribute 'enforce_tcb' that prevents the function
from calling other functions without the same attribute. This allows
isolating code that's considered to be somehow privileged so that it could not
use its privileges to exhibit arbitrary behavior.
Introduce an on-by-default warning '-Wtcb-enforcement' that warns
about violations of the above rule.
Introduce a function attribute 'enforce_tcb_leaf' that suppresses
the new warning within the function it is attached to. Such leaf functions
may implement common functionality between the trusted and the untrusted code
but they require extra careful audit with respect to their capabilities.
Fixes after a revert in 419ef38a50293c58078f830517f5e305068dbee6:
Fix a test.
Add workaround for GCC bug (https://gcc.gnu.org/bugzilla/show_bug.cgi?id=67274).
Attribute the patch appropriately!
Differential Revision: https://reviews.llvm.org/D91898
Added:
clang/test/Sema/attr-enforce-tcb-errors.cpp
clang/test/Sema/attr-enforce-tcb.c
clang/test/Sema/attr-enforce-tcb.cpp
Modified:
clang/include/clang/Basic/Attr.td
clang/include/clang/Basic/AttrDocs.td
clang/include/clang/Basic/DiagnosticSemaKinds.td
clang/include/clang/Sema/Sema.h
clang/lib/Sema/SemaChecking.cpp
clang/lib/Sema/SemaDecl.cpp
clang/lib/Sema/SemaDeclAttr.cpp
clang/test/Misc/pragma-attribute-supported-attributes-list.test
Removed:
diff --git a/clang/include/clang/Basic/Attr.td
b/clang/include/clang/Basic/Attr.td
index 248409946123e..c51e95fa6fa87 100644
--- a/clang/include/clang/Basic/Attr.td
+++ b/clang/include/clang/Basic/Attr.td
@@ -3653,3 +3653,19 @@ def Builtin : InheritableAttr {
let SemaHandler = 0;
let Documentation = [Undocumented];
}
+
+def EnforceTCB : InheritableAttr {
+ let Spellings = [Clang<"enforce_tcb">];
+ let Subjects = SubjectList<[Function]>;
+ let Args = [StringArgument<"TCBName">];
+ let Documentation = [EnforceTCBDocs];
+ bit InheritEvenIfAlreadyPresent = 1;
+}
+
+def EnforceTCBLeaf : InheritableAttr {
+ let Spellings = [Clang<"enforce_tcb_leaf">];
+ let Subjects = SubjectList<[Function]>;
+ let Args = [StringArgument<"TCBName">];
+ let Documentation = [EnforceTCBLeafDocs];
+ bit InheritEvenIfAlreadyPresent = 1;
+}
diff --git a/clang/include/clang/Basic/AttrDocs.td
b/clang/include/clang/Basic/AttrDocs.td
index 9cf0c59e07bba..fffede41db1e8 100644
--- a/clang/include/clang/Basic/AttrDocs.td
+++ b/clang/include/clang/Basic/AttrDocs.td
@@ -5725,3 +5725,28 @@ Attribute docs`_, and `the GCC Inline docs`_.
}];
let Heading = "always_inline, __force_inline";
}
+
+def EnforceTCBDocs : Documentation {
+ let Category = DocCatFunction;
+ let Content = [{
+ The ``enforce_tcb`` attribute can be placed on functions to enforce that a
+ trusted compute base (TCB) does not call out of the TCB. This generates a
+ warning every time a function not marked with an ``enforce_tcb`` attribute is
+ called from a function with the ``enforce_tcb`` attribute. A function may be
a
+ part of multiple TCBs. Invocations through function pointers are currently
+ not checked. Builtins are considered to a part of every TCB.
+
+ - ``enforce_tcb(Name)`` indicates that this function is a part of the TCB
named ``Name``
+ }];
+}
+
+def EnforceTCBLeafDocs : Documentation {
+ let Category = DocCatFunction;
+ let Content = [{
+ The ``enforce_tcb_leaf`` attribute satisfies the requirement enforced by
+ ``enforce_tcb`` for the marked function to be in the named TCB but does not
+ continue to check the functions called from within the leaf function.
+
+ - ``enforce_tcb_leaf(Name)`` indicates that this function is a part of the
TCB named ``Name``
+ }];
+}
diff --git a/clang/include/clang/Basic/DiagnosticSemaKinds.td
b/clang/include/clang/Basic/DiagnosticSemaKinds.td
index 0405195912b23..c048fc89813f8 100644
--- a/clang/include/clang/Basic/DiagnosticSemaKinds.td
+++ b/clang/include/clang/Basic/DiagnosticSemaKinds.td
@@ -6,4 +6,11 @@ def err_probability_not_constant_float : Error<
def err_probability_out_of_range : Error<
"probability argument to __builtin_expect_with_probability is outside the "
"range [0.0, 1.0]">;
+
+// TCB warnings
+def err_tcb_conflicting_attributes : Error<
+ "attributes '%0(\"%2\")' and '%1(\"%2\")' are mutually exclusive">;
+def warn_tcb_enforcement_violation : Warning<
+ "calling %0 is a violation of trusted computing base '%1'">,
+ InGroup>;
} // end of sema component.
diff --git a/clang/include/clang/Sema/Sema.h b/clan
[llvm-branch-commits] [clang] ea66410 - Revert "Revert "Revert "Revert "[analyzer] NFC: Move path diagnostic consumer implementations to libAnalysis.""""
Author: Artem Dergachev
Date: 2020-12-10T11:02:54-08:00
New Revision: ea6641085d025ca0a5cef940465ef14d0ccace02
URL:
https://github.com/llvm/llvm-project/commit/ea6641085d025ca0a5cef940465ef14d0ccace02
DIFF:
https://github.com/llvm/llvm-project/commit/ea6641085d025ca0a5cef940465ef14d0ccace02.diff
LOG: Revert "Revert "Revert "Revert "[analyzer] NFC: Move path diagnostic
consumer implementations to libAnalysis.
This reverts commit 6a89cb8136f3435bd977b419b683dc0acc98e61e.
Added:
clang/include/clang/Analysis/PathDiagnosticConsumers.def
clang/include/clang/Analysis/PathDiagnosticConsumers.h
clang/lib/Analysis/HTMLPathDiagnosticConsumer.cpp
clang/lib/Analysis/PlistHTMLPathDiagnosticConsumer.cpp
clang/lib/Analysis/PlistPathDiagnosticConsumer.cpp
clang/lib/Analysis/SarifPathDiagnosticConsumer.cpp
clang/lib/Analysis/TextPathDiagnosticConsumer.cpp
Modified:
clang/include/clang/StaticAnalyzer/Core/Analyses.def
clang/include/clang/StaticAnalyzer/Core/AnalyzerOptions.h
clang/include/clang/StaticAnalyzer/Core/PathSensitive/AnalysisManager.h
clang/include/clang/module.modulemap
clang/lib/Analysis/CMakeLists.txt
clang/lib/Frontend/CompilerInvocation.cpp
clang/lib/StaticAnalyzer/Core/CMakeLists.txt
clang/lib/StaticAnalyzer/Frontend/AnalysisConsumer.cpp
Removed:
clang/include/clang/StaticAnalyzer/Core/PathDiagnosticConsumers.h
clang/lib/StaticAnalyzer/Core/HTMLDiagnostics.cpp
clang/lib/StaticAnalyzer/Core/PlistDiagnostics.cpp
clang/lib/StaticAnalyzer/Core/SarifDiagnostics.cpp
clang/lib/StaticAnalyzer/Core/TextDiagnostics.cpp
diff --git a/clang/include/clang/Analysis/PathDiagnosticConsumers.def
b/clang/include/clang/Analysis/PathDiagnosticConsumers.def
new file mode 100644
index ..33d2072fcf31
--- /dev/null
+++ b/clang/include/clang/Analysis/PathDiagnosticConsumers.def
@@ -0,0 +1,50 @@
+//===-- PathDiagnosticConsumers.def - Visualizing warnings --*- C++
-*-===//
+//
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM
Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+//
+//===--===//
+//
+// This file defines the set of path diagnostic consumers - objects that
+// implement
diff erent representations of static analysis results.
+//
+//===--===//
+
+#ifndef ANALYSIS_DIAGNOSTICS
+#define ANALYSIS_DIAGNOSTICS(NAME, CMDFLAG, DESC, CREATEFN)
+#endif
+
+ANALYSIS_DIAGNOSTICS(HTML, "html", "Output analysis results using HTML",
+ createHTMLDiagnosticConsumer)
+
+ANALYSIS_DIAGNOSTICS(
+HTML_SINGLE_FILE, "html-single-file",
+"Output analysis results using HTML (not allowing for multi-file bugs)",
+createHTMLSingleFileDiagnosticConsumer)
+
+ANALYSIS_DIAGNOSTICS(PLIST, "plist", "Output analysis results using Plists",
+ createPlistDiagnosticConsumer)
+
+ANALYSIS_DIAGNOSTICS(
+PLIST_MULTI_FILE, "plist-multi-file",
+"Output analysis results using Plists (allowing for multi-file bugs)",
+createPlistMultiFileDiagnosticConsumer)
+
+ANALYSIS_DIAGNOSTICS(PLIST_HTML, "plist-html",
+ "Output analysis results using HTML wrapped with Plists",
+ createPlistHTMLDiagnosticConsumer)
+
+ANALYSIS_DIAGNOSTICS(SARIF, "sarif", "Output analysis results in a SARIF file",
+ createSarifDiagnosticConsumer)
+
+ANALYSIS_DIAGNOSTICS(TEXT, "text", "Text output of analysis results to stderr",
+ createTextPathDiagnosticConsumer)
+
+ANALYSIS_DIAGNOSTICS(TEXT_MINIMAL, "text-minimal",
+ "Emits minimal diagnostics to stderr, stating only the "
+ "warning message and the associated notes. Usually "
+ "used in addition to other analysis types",
+ createTextMinimalPathDiagnosticConsumer)
+
+#undef ANALYSIS_DIAGNOSTICS
diff --git a/clang/include/clang/StaticAnalyzer/Core/PathDiagnosticConsumers.h
b/clang/include/clang/Analysis/PathDiagnosticConsumers.h
similarity index 89%
rename from clang/include/clang/StaticAnalyzer/Core/PathDiagnosticConsumers.h
rename to clang/include/clang/Analysis/PathDiagnosticConsumers.h
index f40f88eb32ff..9f23bea1b4c1 100644
--- a/clang/include/clang/StaticAnalyzer/Core/PathDiagnosticConsumers.h
+++ b/clang/include/clang/Analysis/PathDiagnosticConsumers.h
@@ -18,6 +18,8 @@
#include
#include
+#include "clang/Analysis/PathDiagnostic.h"
+
namespace clang {
class AnalyzerOptions;
@@ -29,14 +31,14 @@ class CrossTranslationUnitContext;
namespace ento {
class PathDiagnosticConsumer;
-typedef std::vector PathDiagnosticConsumers;
+typedef std::vector PathDiagnosticConsumers;
#define ANALY
[llvm-branch-commits] [clang] 00ffea7 - [analyzer][CTU] Add an abstraction layer between libCrossTU and libAnalysis.
Author: Artem Dergachev
Date: 2020-12-10T11:02:54-08:00
New Revision: 00ffea77ad887b576e9db82d98c97a31fee172cb
URL:
https://github.com/llvm/llvm-project/commit/00ffea77ad887b576e9db82d98c97a31fee172cb
DIFF:
https://github.com/llvm/llvm-project/commit/00ffea77ad887b576e9db82d98c97a31fee172cb.diff
LOG: [analyzer][CTU] Add an abstraction layer between libCrossTU and
libAnalysis.
Fixes shared libs build after D67422.
Differential Revision: https://reviews.llvm.org/D92432
Added:
clang/include/clang/Analysis/CrossTUAnalysisHelper.h
Modified:
clang/include/clang/Analysis/PathDiagnosticConsumers.h
clang/include/clang/CrossTU/CrossTranslationUnit.h
clang/lib/Analysis/HTMLPathDiagnosticConsumer.cpp
clang/lib/Analysis/PlistHTMLPathDiagnosticConsumer.cpp
clang/lib/Analysis/PlistPathDiagnosticConsumer.cpp
clang/lib/Analysis/SarifPathDiagnosticConsumer.cpp
clang/lib/Analysis/TextPathDiagnosticConsumer.cpp
clang/lib/CrossTU/CrossTranslationUnit.cpp
Removed:
diff --git a/clang/include/clang/Analysis/CrossTUAnalysisHelper.h
b/clang/include/clang/Analysis/CrossTUAnalysisHelper.h
new file mode 100644
index ..ba2562b43055
--- /dev/null
+++ b/clang/include/clang/Analysis/CrossTUAnalysisHelper.h
@@ -0,0 +1,41 @@
+//===- CrossTUAnalysisHelper.h - Abstraction layer for CTU --*- C++
-*-===//
+//
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM
Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+//
+//===--===//
+#ifndef LLVM_CLANG_ANALYSIS_CROSS_TU_HELPER_H
+#define LLVM_CLANG_ANALYSIS_CROSS_TU_HELPER_H
+
+#include "llvm/ADT/Optional.h"
+#include "clang/Basic/SourceManager.h"
+
+namespace clang {
+
+class ASTUnit;
+
+/// This class is an abstract interface acting as a bridge between
+/// an analysis that requires lookups across translation units (a user
+/// of that interface) and the facility that implements such lookups
+/// (an implementation of that interface). This is useful to break direct
+/// link-time dependencies between the (possibly shared) libraries in which
+/// the user and the implementation live.
+class CrossTUAnalysisHelper {
+public:
+ /// Determine the original source location in the original TU for an
+ /// imported source location.
+ /// \p ToLoc Source location in the imported-to AST.
+ /// \return Source location in the imported-from AST and the corresponding
+ /// ASTUnit object (the AST was loaded from a file using an internal ASTUnit
+ /// object that is returned here).
+ /// If any error happens (ToLoc is a non-imported source location) empty is
+ /// returned.
+ virtual llvm::Optional>
+ getImportedFromSourceLocation(SourceLocation ToLoc) const = 0;
+
+ virtual ~CrossTUAnalysisHelper() {}
+};
+} // namespace clang
+
+#endif // LLVM_CLANG_ANALYSIS_CROSS_TU_HELPER_H
diff --git a/clang/include/clang/Analysis/PathDiagnosticConsumers.h
b/clang/include/clang/Analysis/PathDiagnosticConsumers.h
index 9f23bea1b4c1..fde2e3498216 100644
--- a/clang/include/clang/Analysis/PathDiagnosticConsumers.h
+++ b/clang/include/clang/Analysis/PathDiagnosticConsumers.h
@@ -24,9 +24,7 @@ namespace clang {
class AnalyzerOptions;
class Preprocessor;
-namespace cross_tu {
-class CrossTranslationUnitContext;
-}
+class CrossTUAnalysisHelper;
namespace ento {
@@ -36,8 +34,7 @@ typedef std::vector
PathDiagnosticConsumers;
#define ANALYSIS_DIAGNOSTICS(NAME, CMDFLAG, DESC, CREATEFN)
\
void CREATEFN(PathDiagnosticConsumerOptions Diagopts,
\
PathDiagnosticConsumers &C, const std::string &Prefix,
\
-const Preprocessor &PP,
\
-const cross_tu::CrossTranslationUnitContext &CTU);
+const Preprocessor &PP, const CrossTUAnalysisHelper &CTU);
#include "clang/Analysis/PathDiagnosticConsumers.def"
} // end 'ento' namespace
diff --git a/clang/include/clang/CrossTU/CrossTranslationUnit.h
b/clang/include/clang/CrossTU/CrossTranslationUnit.h
index 027c6f16430b..2926ad288dbb 100644
--- a/clang/include/clang/CrossTU/CrossTranslationUnit.h
+++ b/clang/include/clang/CrossTU/CrossTranslationUnit.h
@@ -14,6 +14,7 @@
#ifndef LLVM_CLANG_CROSSTU_CROSSTRANSLATIONUNIT_H
#define LLVM_CLANG_CROSSTU_CROSSTRANSLATIONUNIT_H
+#include "clang/Analysis/CrossTUAnalysisHelper.h"
#include "clang/AST/ASTImporterSharedState.h"
#include "clang/Basic/LLVM.h"
#include "llvm/ADT/DenseMap.h"
@@ -120,10 +121,10 @@ bool containsConst(const VarDecl *VD, const ASTContext
&ACtx);
/// the locations of the AST files for each definition.
///
/// Note that this class also implements caching.
-class CrossTranslationUnitContext {
+class CrossTranslationUnitContext : p
[llvm-branch-commits] [clang] 8c5ca7c - [analyzer] OSObjectCStyleCast: Improve warning message.
Author: Artem Dergachev
Date: 2020-12-10T19:46:33-08:00
New Revision: 8c5ca7c6e62c203b9642dca2a1d9118c36777ad5
URL:
https://github.com/llvm/llvm-project/commit/8c5ca7c6e62c203b9642dca2a1d9118c36777ad5
DIFF:
https://github.com/llvm/llvm-project/commit/8c5ca7c6e62c203b9642dca2a1d9118c36777ad5.diff
LOG: [analyzer] OSObjectCStyleCast: Improve warning message.
Suggest OSRequiredCast as a closer alternative to C-style cast.
Explain how to decide.
Added:
Modified:
clang/lib/StaticAnalyzer/Checkers/OSObjectCStyleCast.cpp
clang/test/Analysis/osobjectcstylecastchecker_test.cpp
Removed:
diff --git a/clang/lib/StaticAnalyzer/Checkers/OSObjectCStyleCast.cpp
b/clang/lib/StaticAnalyzer/Checkers/OSObjectCStyleCast.cpp
index 53ed0e187a4c..270b66dab020 100644
--- a/clang/lib/StaticAnalyzer/Checkers/OSObjectCStyleCast.cpp
+++ b/clang/lib/StaticAnalyzer/Checkers/OSObjectCStyleCast.cpp
@@ -24,32 +24,36 @@ using namespace ento;
using namespace ast_matchers;
namespace {
-
-const char *WarnAtNode = "OSObjCast";
+static constexpr const char *const WarnAtNode = "WarnAtNode";
+static constexpr const char *const WarnRecordDecl = "WarnRecordDecl";
class OSObjectCStyleCastChecker : public Checker {
public:
- void checkASTCodeBody(const Decl *D,
-AnalysisManager &AM,
+ void checkASTCodeBody(const Decl *D, AnalysisManager &AM,
BugReporter &BR) const;
};
+}
static void emitDiagnostics(const BoundNodes &Nodes,
BugReporter &BR,
AnalysisDeclContext *ADC,
const OSObjectCStyleCastChecker *Checker) {
const auto *CE = Nodes.getNodeAs(WarnAtNode);
- assert(CE);
+ const CXXRecordDecl *RD = Nodes.getNodeAs(WarnRecordDecl);
+ assert(CE && RD);
std::string Diagnostics;
llvm::raw_string_ostream OS(Diagnostics);
- OS << "C-style cast of OSObject. Use OSDynamicCast instead.";
+ OS << "C-style cast of an OSObject is prone to type confusion attacks; "
+ << "use 'OSRequiredCast' if the object is definitely of type '"
+ << RD->getNameAsString() << "', or 'OSDynamicCast' followed by "
+ << "a null check if unsure",
BR.EmitBasicReport(
ADC->getDecl(),
Checker,
/*Name=*/"OSObject C-Style Cast",
-/*BugCategory=*/"Security",
+categories::SecurityError,
OS.str(),
PathDiagnosticLocation::createBegin(CE, BR.getSourceManager(), ADC),
CE->getSourceRange());
@@ -68,7 +72,7 @@ void OSObjectCStyleCastChecker::checkASTCodeBody(const Decl
*D, AnalysisManager
auto OSObjTypeM =
hasTypePointingTo(cxxRecordDecl(isDerivedFrom("OSMetaClassBase")));
auto OSObjSubclassM = hasTypePointingTo(
-cxxRecordDecl(isDerivedFrom("OSObject")));
+cxxRecordDecl(isDerivedFrom("OSObject")).bind(WarnRecordDecl));
auto CastM = cStyleCastExpr(
allOf(hasSourceExpression(allOf(OSObjTypeM, unless(DynamicCastM))),
@@ -78,7 +82,6 @@ void OSObjectCStyleCastChecker::checkASTCodeBody(const Decl
*D, AnalysisManager
for (BoundNodes Match : Matches)
emitDiagnostics(Match, BR, ADC, this);
}
-}
void ento::registerOSObjectCStyleCast(CheckerManager &Mgr) {
Mgr.registerChecker();
diff --git a/clang/test/Analysis/osobjectcstylecastchecker_test.cpp
b/clang/test/Analysis/osobjectcstylecastchecker_test.cpp
index fabed7ee34b1..a5ebb2823a92 100644
--- a/clang/test/Analysis/osobjectcstylecastchecker_test.cpp
+++ b/clang/test/Analysis/osobjectcstylecastchecker_test.cpp
@@ -13,7 +13,7 @@ struct B : public A {
};
unsigned warn_on_explicit_downcast(OSObject * obj) {
- OSArray *a = (OSArray *) obj; // expected-warning{{C-style cast of OSObject.
Use OSDynamicCast instead}}
+ OSArray *a = (OSArray *) obj; // expected-warning{{C-style cast of an
OSObject is prone to type confusion attacks; use 'OSRequiredCast' if the object
is definitely of type 'OSArray', or 'OSDynamicCast' followed by a null check if
unsure}}
return a->getCount();
}
___
llvm-branch-commits mailing list
llvm-branch-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-branch-commits
