[clang] [DFSan] Add missing documentation for -dfsan-reaches-function-callbacks. (PR #84218)

2024-03-06 Thread Andrew Browne via cfe-commits

https://github.com/browneee created https://github.com/llvm/llvm-project/pull/84218


>From f23dd8ed555c57a37957a12fcb81bd383bc69254 Mon Sep 17 00:00:00 2001
From: Andrew Browne 
Date: Wed, 6 Mar 2024 18:00:27 +
Subject: [PATCH] [DFSan] Add missing documentation for
 -dfsan-reaches-function-callbacks.

---
 clang/docs/DataFlowSanitizer.rst | 24 
 1 file changed, 24 insertions(+)

diff --git a/clang/docs/DataFlowSanitizer.rst b/clang/docs/DataFlowSanitizer.rst
index a18b8ed1948f33..9b21068d8d75f3 100644
--- a/clang/docs/DataFlowSanitizer.rst
+++ b/clang/docs/DataFlowSanitizer.rst
@@ -233,6 +233,30 @@ labels of just ``v1`` and ``v2``.
   or, and can be accessed using
   ``dfsan_label dfsan_get_labels_in_signal_conditional();``.
 
+* ``-dfsan-reaches-function-callbacks`` -- An experimental feature that inserts
+  callbacks for data entering a function.
+
+  In addition to this compilation flag, a callback handler must be registered
+  using ``dfsan_set_reaches_function_callback(my_callback);``, where 
my_callback is
+  a function with a signature matching
+  ``void my_callback(dfsan_label label, dfsan_origin origin,
+ const char *file, unsigned int line,
+ const char *function);``
+  This signature is the same when origin tracking is disabled - in this case
+  the dfsan_origin passed in it will always be 0.
+
+  The callback will be called when a tained value reach stack/registers
+  in the context of a function. Tainted values can reach a function:
+* via the arguments of the function
+* via the return value of a call that occurs in the function
+* via the loaded value of a load that occurs in the function
+
+  The callback will be skipped for conditional expressions inside signal
+  handlers, as this is prone to deadlock. Tainted values reaching functions
+  inside signal handlers will instead be aggregated via bitwise or, and can
+  be accessed using
+  ``dfsan_label dfsan_get_labels_in_signal_reaches_function()``.
+
 * ``-dfsan-track-origins`` -- Controls how to track origins. When its value is
   0, the runtime does not track origins. When its value is 1, the runtime 
tracks
   origins at memory store operations. When its value is 2, the runtime tracks
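Review bot: the three `* via ...` lines under "Tainted values can reach a function:" sit at column 0 inside an entry whose body is indented two spaces, so reStructuredText will close the `-dfsan-reaches-function-callbacks` item and start a new top-level list there instead of rendering a nested list; indent them to the item body and put a blank line before the first `*`. In the same paragraph, "when a tained value reach stack/registers" should read "when a tainted value reaches the stack/registers". The last paragraph was carried over from the `-dfsan-conditional-callbacks` entry and still says the callback is skipped "for conditional expressions inside signal handlers"; for this flag it should say the callback is skipped when a tainted value reaches a function inside a signal handler, which is what the named `dfsan_get_labels_in_signal_reaches_function()` accessor aggregates. Minor: the `void my_callback(...)` signature literal has no sentence terminator before "This signature is the same ...".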

___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits


[clang] [DFSan] Add missing documentation for -dfsan-reaches-function-callbacks. (PR #84218)

2024-03-06 Thread Andrew Browne via cfe-commits

https://github.com/browneee updated https://github.com/llvm/llvm-project/pull/84218

>From bc9a6eb322ee3b2cea45789ede8c1e0799583157 Mon Sep 17 00:00:00 2001
From: Andrew Browne 
Date: Wed, 6 Mar 2024 18:00:27 +
Subject: [PATCH] [DFSan] Add missing documentation for
 -dfsan-reaches-function-callbacks.

---
 clang/docs/DataFlowSanitizer.rst | 22 ++
 1 file changed, 22 insertions(+)

diff --git a/clang/docs/DataFlowSanitizer.rst b/clang/docs/DataFlowSanitizer.rst
index a18b8ed1948f33..5ff50b85dcdcf9 100644
--- a/clang/docs/DataFlowSanitizer.rst
+++ b/clang/docs/DataFlowSanitizer.rst
@@ -233,6 +233,28 @@ labels of just ``v1`` and ``v2``.
   or, and can be accessed using
   ``dfsan_label dfsan_get_labels_in_signal_conditional();``.
 
+* ``-dfsan-reaches-function-callbacks`` -- An experimental feature that inserts
+  callbacks for data entering a function.
+
+  In addition to this compilation flag, a callback handler must be registered
+  using ``dfsan_set_reaches_function_callback(my_callback);``, where 
my_callback is
+  a function with a signature matching
+  ``void my_callback(dfsan_label label, dfsan_origin origin, const char *file, 
unsigned int line, const char *function);``
+  This signature is the same when origin tracking is disabled - in this case
+  the dfsan_origin passed in it will always be 0.
+
+  The callback will be called when a tained value reach stack/registers
+  in the context of a function. Tainted values can reach a function:
+  * via the arguments of the function
+  * via the return value of a call that occurs in the function
+  * via the loaded value of a load that occurs in the function
+
+  The callback will be skipped for conditional expressions inside signal
+  handlers, as this is prone to deadlock. Tainted values reaching functions
+  inside signal handlers will instead be aggregated via bitwise or, and can
+  be accessed using
+  ``dfsan_label dfsan_get_labels_in_signal_reaches_function()``.
+
 * ``-dfsan-track-origins`` -- Controls how to track origins. When its value is
   0, the runtime does not track origins. When its value is 1, the runtime 
tracks
   origins at memory store operations. When its value is 2, the runtime tracks
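Review bot: "when a tained value reach stack/registers" still carries the typo from the first revision; it should read "when a tainted value reaches the stack/registers". The nested `* via ...` list is now indented correctly, but it follows the line "Tainted values can reach a function:" with no blank line in between, and docutils treats a bullet line that directly follows paragraph text as continuation of that paragraph rather than as a list; add a blank line before the first `*`. The signal-handler paragraph also still says the callback is skipped "for conditional expressions inside signal handlers", which describes the `-dfsan-conditional-callbacks` entry above; reword it to say tainted values reaching a function inside a signal handler are not reported through the callback but are aggregated into `dfsan_get_labels_in_signal_reaches_function()`.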



[clang] [DFSan] Add missing documentation for -dfsan-reaches-function-callbacks. (PR #84218)

2024-03-08 Thread Andrew Browne via cfe-commits

https://github.com/browneee closed https://github.com/llvm/llvm-project/pull/84218


[clang] c7689fd - [Clang] Fix memory leak due to TemplateArgumentListInfo used in AST node.

2022-06-08 Thread Andrew Browne via cfe-commits

Author: Andrew Browne
Date: 2022-06-08T09:58:25-07:00
New Revision: c7689fd552cdf2b37e804a59322bd0661ccdd3c5

URL: 
https://github.com/llvm/llvm-project/commit/c7689fd552cdf2b37e804a59322bd0661ccdd3c5
DIFF: 
https://github.com/llvm/llvm-project/commit/c7689fd552cdf2b37e804a59322bd0661ccdd3c5.diff

LOG: [Clang] Fix memory leak due to TemplateArgumentListInfo used in AST node.

It looks like the leak is rooted at the allocation here:
https://github.com/llvm/llvm-project/blob/1a155ee7de3b62a2fabee86fb470a1554fadc54d/clang/lib/Sema/SemaTemplateInstantiateDecl.cpp#L3857

The VarTemplateSpecializationDecl is allocated using placement new which uses 
the AST structure for ownership: 
https://github.com/llvm/llvm-project/blob/1a155ee7de3b62a2fabee86fb470a1554fadc54d/clang/lib/AST/DeclBase.cpp#L99

The problem is the TemplateArgumentListInfo inside 
https://github.com/llvm/llvm-project/blob/1a155ee7de3b62a2fabee86fb470a1554fadc54d/clang/include/clang/AST/DeclTemplate.h#L2721
This object contains a vector which does not use placement new: 
https://github.com/llvm/llvm-project/blob/1a155ee7de3b62a2fabee86fb470a1554fadc54d/clang/include/clang/AST/TemplateBase.h#L564

Apparently ASTTemplateArgumentListInfo should be used instead 
https://github.com/llvm/llvm-project/blob/1a155ee7de3b62a2fabee86fb470a1554fadc54d/clang/include/clang/AST/TemplateBase.h#L575

https://reviews.llvm.org/D125802#3551305

Reviewed By: aaron.ballman

Differential Revision: https://reviews.llvm.org/D126944

Added: 


Modified: 
clang-tools-extra/clangd/AST.cpp
clang/docs/ReleaseNotes.rst
clang/include/clang/AST/DeclTemplate.h
clang/include/clang/AST/TemplateBase.h
clang/lib/AST/ASTImporter.cpp
clang/lib/AST/DeclTemplate.cpp
clang/lib/AST/TemplateBase.cpp
clang/lib/Sema/SemaTemplateInstantiateDecl.cpp

Removed: 




diff  --git a/clang-tools-extra/clangd/AST.cpp 
b/clang-tools-extra/clangd/AST.cpp
index 70d98d0e0bb40..ca838618badd9 100644
--- a/clang-tools-extra/clangd/AST.cpp
+++ b/clang-tools-extra/clangd/AST.cpp
@@ -53,8 +53,10 @@ getTemplateSpecializationArgLocs(const NamedDecl &ND) {
  llvm::dyn_cast(&ND)) {
 if (auto *Args = Var->getTemplateArgsAsWritten())
   return Args->arguments();
-  } else if (auto *Var = llvm::dyn_cast(&ND))
-return Var->getTemplateArgsInfo().arguments();
+  } else if (auto *Var = llvm::dyn_cast(&ND)) {
+if (auto *Args = Var->getTemplateArgsInfo())
+  return Args->arguments();
+  }
   // We return None for ClassTemplateSpecializationDecls because it does not
   // contain TemplateArgumentLoc information.
   return llvm::None;
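Review bot: the added null check changes what callers get for a VarTemplateSpecializationDecl whose argument info was never set: the old code returned the (possibly empty) `arguments()` range unconditionally, the new code falls through to `return llvm::None;`. That follows from the member now defaulting to `nullptr` in DeclTemplate.h, but the trailing comment only explains the None case for ClassTemplateSpecializationDecls; extend it to say that variable specializations without as-written argument info also return None, so the next reader does not mistake the fall-through for a bug.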

diff  --git a/clang/docs/ReleaseNotes.rst b/clang/docs/ReleaseNotes.rst
index 1e95d3cef51c0..1b1649ac09c87 100644
--- a/clang/docs/ReleaseNotes.rst
+++ b/clang/docs/ReleaseNotes.rst
@@ -168,6 +168,8 @@ Bug Fixes
   `Issue 55562 `_.
 - Clang will allow calling a ``consteval`` function in a default argument. This
   fixes `Issue 48230 `_.
+- Fixed memory leak due to ``VarTemplateSpecializationDecl`` using
+  ``TemplateArgumentListInfo`` instead of ``ASTTemplateArgumentListInfo``.
 
 Improvements to Clang's diagnostics
 ^^^

diff  --git a/clang/include/clang/AST/DeclTemplate.h 
b/clang/include/clang/AST/DeclTemplate.h
index 66e0bb2c02a1f..a00917913e41d 100644
--- a/clang/include/clang/AST/DeclTemplate.h
+++ b/clang/include/clang/AST/DeclTemplate.h
@@ -2718,7 +2718,7 @@ class VarTemplateSpecializationDecl : public VarDecl,
 
   /// The template arguments used to describe this specialization.
   const TemplateArgumentList *TemplateArgs;
-  TemplateArgumentListInfo TemplateArgsInfo;
+  const ASTTemplateArgumentListInfo *TemplateArgsInfo = nullptr;
 
   /// The point where this template was instantiated (if any).
   SourceLocation PointOfInstantiation;
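Review bot: `TemplateArgsInfo` changes from a value member to a nullable `const ASTTemplateArgumentListInfo *` defaulting to `nullptr`, so every existing call of `getTemplateArgsInfo()` that used the result as a reference now has to null-check. The clangd hunk does; ASTImporter.cpp, DeclTemplate.cpp and SemaTemplateInstantiateDecl.cpp are listed as modified but their hunks are not shown here, so confirm each use was updated. A one-line doc comment on the member stating when it is null (specializations created without as-written arguments) would make the contract explicit.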
@@ -2773,8 +2773,9 @@ class VarTemplateSpecializationDecl : public VarDecl,
 
   // TODO: Always set this when creating the new specialization?
   void setTemplateArgsInfo(const TemplateArgumentListInfo &ArgsInfo);
+  void setTemplateArgsInfo(const ASTTemplateArgumentListInfo *ArgsInfo);
 
-  const TemplateArgumentListInfo &getTemplateArgsInfo() const {
+  const ASTTemplateArgumentListInfo *getTemplateArgsInfo() const {
 return TemplateArgsInfo;
   }
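Review bot: with two `setTemplateArgsInfo` overloads (one taking `const TemplateArgumentListInfo &`, one taking `const ASTTemplateArgumentListInfo *`) and an accessor that now returns `nullptr` for anything that never called either, the existing "TODO: Always set this when creating the new specialization?" comment becomes more pressing than before; either resolve it or note in the header which overload callers should prefer and that the pointer overload stores the pointer as-is (assuming that is what the .cpp side does), so nobody passes a stack-allocated object.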
 

diff  --git a/clang/include/clang/AST/TemplateBase.h 
b/clang/include/clang/AST/TemplateBase.h
index e8064121d2796..3ac755ef74a17 100644
--- a/clang/include/clang/AST/TemplateBase.h
+++ b/clang/include/clang/AST/TemplateBase.h
@@ -618,6 +618,9 @@ struct ASTTemplateArgumentListInfo final
 
   ASTTemplateArgumentListInfo(const TemplateArgumentListInfo &List);
 
+  // FIXME: Is it ever necessary to copy to another context?
+  ASTTemplateArgumentListInfo(const ASTTemplateArgumentListInfo *List);
+
 public:
   /// The so
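Review bot: the new `ASTTemplateArgumentListInfo(const ASTTemplateArgumentListInfo *List)` constructor takes a pointer where the existing overload takes a reference, and the FIXME above it already questions whether it is needed at all. If it stays, state in the comment whether a null `List` is permitted, or take a reference instead so a null cannot reach the constructor.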

[clang] 9129743 - [Docs] List __has_feature(dataflow_sanitizer) in LanguageExtensions docs.

2022-03-04 Thread Andrew Browne via cfe-commits

Author: Andrew Browne
Date: 2022-03-04T15:48:07-08:00
New Revision: 9129743dde267f7ff678441c64bdfb9e24f7b448

URL: 
https://github.com/llvm/llvm-project/commit/9129743dde267f7ff678441c64bdfb9e24f7b448
DIFF: 
https://github.com/llvm/llvm-project/commit/9129743dde267f7ff678441c64bdfb9e24f7b448.diff

LOG: [Docs] List __has_feature(dataflow_sanitizer) in LanguageExtensions docs.

Added: 


Modified: 
clang/docs/LanguageExtensions.rst

Removed: 




diff  --git a/clang/docs/LanguageExtensions.rst 
b/clang/docs/LanguageExtensions.rst
index aefb09afc82bb..68b294d0b8640 100644
--- a/clang/docs/LanguageExtensions.rst
+++ b/clang/docs/LanguageExtensions.rst
@@ -3592,6 +3592,9 @@ with :doc:`ThreadSanitizer`.
 Use ``__has_feature(memory_sanitizer)`` to check if the code is being built
 with :doc:`MemorySanitizer`.
 
+Use ``__has_feature(dataflow_sanitizer)`` to check if the code is being built
+with :doc:`DataFlowSanitizer`.
+
 Use ``__has_feature(safe_stack)`` to check if the code is being built
 with :doc:`SafeStack`.
 





[clang] 529f098 - [NFC][DFSan] Update DataFlowSanitizer user docs for -dfsan-conditional-callbacks, added in https://reviews.llvm.org/D116207

2022-01-13 Thread Andrew Browne via cfe-commits

Author: Andrew Browne
Date: 2022-01-13T10:05:45-08:00
New Revision: 529f098789d334de9cd06e913ad9525719fa0774

URL: 
https://github.com/llvm/llvm-project/commit/529f098789d334de9cd06e913ad9525719fa0774
DIFF: 
https://github.com/llvm/llvm-project/commit/529f098789d334de9cd06e913ad9525719fa0774.diff

LOG: [NFC][DFSan] Update DataFlowSanitizer user docs for 
-dfsan-conditional-callbacks, added in https://reviews.llvm.org/D116207

Reviewed By: morehouse

Differential Revision: https://reviews.llvm.org/D117177

Added: 


Modified: 
clang/docs/DataFlowSanitizer.rst

Removed: 




diff  --git a/clang/docs/DataFlowSanitizer.rst 
b/clang/docs/DataFlowSanitizer.rst
index cce50dc913185..b4136a935dd28 100644
--- a/clang/docs/DataFlowSanitizer.rst
+++ b/clang/docs/DataFlowSanitizer.rst
@@ -214,6 +214,25 @@ labels of just ``v1`` and ``v2``.
   void __dfsan_mem_transfer_callback(dfsan_label *Start, size_t Len);
   void __dfsan_cmp_callback(dfsan_label CombinedLabel);
 
+* ``-dfsan-conditional-callbacks`` -- An experimental feature that inserts
+  callbacks for control flow conditional expressions.
+  This can be used to find where tainted values can control execution.
+
+  In addition to this compilation flag, a callback handler must be registered
+  using ``dfsan_set_conditional_callback(my_callback);``, where my_callback is
+  a function with a signature matching
+  ``void my_callback(dfsan_label l, dfsan_origin o);``.
+  This signature is the same when origin tracking is disabled - in this case
+  the dfsan_origin passed in it will always be 0.
+
+  The callback will only be called when a tainted value reaches a conditional
+  expression for control flow (such as an if's condition).
+  The callback will be skipped for conditional expressions inside signal
+  handlers, as this is prone to deadlock. Tainted values used in conditional
+  expressions inside signal handlers will instead be aggregated via bitwise
+  or, and can be accessed using
+  ``dfsan_label dfsan_get_labels_in_signal_conditional();``.
+
 * ``-dfsan-track-origins`` -- Controls how to track origins. When its value is
   0, the runtime does not track origins. When its value is 1, the runtime 
tracks
   origins at memory store operations. When its value is 2, the runtime tracks
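Review bot: the paragraph says labels for conditionals inside signal handlers are "aggregated via bitwise or" and read back with `dfsan_get_labels_in_signal_conditional()`, but it does not say whether reading clears the aggregate or whether it accumulates for the life of the process; one sentence on that would let users decide when to poll it. It would also help to say which constructs count as "a conditional expression for control flow" beyond the `if` example given (loop conditions, switch, ternary), since that determines coverage of the feature.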





[clang] 7c004c2 - Revert "[asan] Add support for disable_sanitizer_instrumentation attribute"

2021-12-10 Thread Andrew Browne via cfe-commits

Author: Andrew Browne
Date: 2021-12-10T14:33:38-08:00
New Revision: 7c004c2bc999186884a343989b523dacef02cda9

URL: 
https://github.com/llvm/llvm-project/commit/7c004c2bc999186884a343989b523dacef02cda9
DIFF: 
https://github.com/llvm/llvm-project/commit/7c004c2bc999186884a343989b523dacef02cda9.diff

LOG: Revert "[asan] Add support for disable_sanitizer_instrumentation attribute"

This reverts commit 2b554920f11c8b763cd9ed9003f4e19b919b8e1f.

This change causes tsan test timeout on x86_64-linux-autoconf.

The timeout can be reproduced by:
  git clone https://github.com/llvm/llvm-zorg.git
  BUILDBOT_CLOBBER= BUILDBOT_REVISION=eef8f3f85679c5b1ae725bade1c23ab7bb6b924f 
llvm-zorg/zorg/buildbot/builders/sanitizers/buildbot_standard.sh

Added: 


Modified: 
clang/docs/AddressSanitizer.rst
clang/lib/CodeGen/CodeGenFunction.cpp
clang/lib/CodeGen/SanitizerMetadata.cpp
clang/test/CodeGen/address-safety-attr-flavors.cpp
clang/test/CodeGen/asan-globals.cpp
llvm/lib/Transforms/Instrumentation/AddressSanitizer.cpp

Removed: 

llvm/test/Instrumentation/AddressSanitizer/asan-disable-sanitizer-instrumentation.ll



diff  --git a/clang/docs/AddressSanitizer.rst b/clang/docs/AddressSanitizer.rst
index fe5f683580a46..06b53e2e5da0b 100644
--- a/clang/docs/AddressSanitizer.rst
+++ b/clang/docs/AddressSanitizer.rst
@@ -229,12 +229,6 @@ compilers, so we suggest to use it together with
 The same attribute used on a global variable prevents AddressSanitizer
 from adding redzones around it and detecting out of bounds accesses.
 
-
-AddressSanitizer also supports
-``__attribute__((disable_sanitizer_instrumentation))``. This attribute
-works similar to ``__attribute__((no_sanitize("address")))``, but it also
-prevents instrumentation performed by other sanitizers.
-
 Suppressing Errors in Recompiled Code (Ignorelist)
 --
 

diff  --git a/clang/lib/CodeGen/CodeGenFunction.cpp 
b/clang/lib/CodeGen/CodeGenFunction.cpp
index f3b53c4859b2c..ed43adfab9545 100644
--- a/clang/lib/CodeGen/CodeGenFunction.cpp
+++ b/clang/lib/CodeGen/CodeGenFunction.cpp
@@ -382,6 +382,9 @@ void CodeGenFunction::FinishFunction(SourceLocation EndLoc) 
{
"__cyg_profile_func_exit");
   }
 
+  if (ShouldSkipSanitizerInstrumentation())
+CurFn->addFnAttr(llvm::Attribute::DisableSanitizerInstrumentation);
+
   // Emit debug descriptor for function end.
   if (CGDebugInfo *DI = getDebugInfo())
 DI->EmitFunctionEnd(Builder, CurFn);
@@ -763,22 +766,17 @@ void CodeGenFunction::StartFunction(GlobalDecl GD, 
QualType RetTy,
   Fn->addFnAttr(llvm::Attribute::NoSanitizeCoverage);
   }
 
-  if (ShouldSkipSanitizerInstrumentation()) {
-CurFn->addFnAttr(llvm::Attribute::DisableSanitizerInstrumentation);
-  } else {
-// Apply sanitizer attributes to the function.
-if (SanOpts.hasOneOf(SanitizerKind::Address | 
SanitizerKind::KernelAddress))
-  Fn->addFnAttr(llvm::Attribute::SanitizeAddress);
-if (SanOpts.hasOneOf(SanitizerKind::HWAddress |
- SanitizerKind::KernelHWAddress))
-  Fn->addFnAttr(llvm::Attribute::SanitizeHWAddress);
-if (SanOpts.has(SanitizerKind::MemTag))
-  Fn->addFnAttr(llvm::Attribute::SanitizeMemTag);
-if (SanOpts.has(SanitizerKind::Thread))
-  Fn->addFnAttr(llvm::Attribute::SanitizeThread);
-if (SanOpts.hasOneOf(SanitizerKind::Memory | SanitizerKind::KernelMemory))
-  Fn->addFnAttr(llvm::Attribute::SanitizeMemory);
-  }
+  // Apply sanitizer attributes to the function.
+  if (SanOpts.hasOneOf(SanitizerKind::Address | SanitizerKind::KernelAddress))
+Fn->addFnAttr(llvm::Attribute::SanitizeAddress);
+  if (SanOpts.hasOneOf(SanitizerKind::HWAddress | 
SanitizerKind::KernelHWAddress))
+Fn->addFnAttr(llvm::Attribute::SanitizeHWAddress);
+  if (SanOpts.has(SanitizerKind::MemTag))
+Fn->addFnAttr(llvm::Attribute::SanitizeMemTag);
+  if (SanOpts.has(SanitizerKind::Thread))
+Fn->addFnAttr(llvm::Attribute::SanitizeThread);
+  if (SanOpts.hasOneOf(SanitizerKind::Memory | SanitizerKind::KernelMemory))
+Fn->addFnAttr(llvm::Attribute::SanitizeMemory);
   if (SanOpts.has(SanitizerKind::SafeStack))
 Fn->addFnAttr(llvm::Attribute::SafeStack);
   if (SanOpts.has(SanitizerKind::ShadowCallStack))
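Review bot: after this revert the `else` branch is gone, so StartFunction applies SanitizeAddress/SanitizeHWAddress/SanitizeMemTag/SanitizeThread/SanitizeMemory unconditionally, while the first hunk restores FinishFunction adding DisableSanitizerInstrumentation when ShouldSkipSanitizerInstrumentation() is true; a function can therefore carry both a Sanitize* attribute and DisableSanitizerInstrumentation. That is the pre-existing state being restored, but it is exactly what the reverted commit made mutually exclusive, so it is worth calling out for whoever relands it alongside the tsan timeout investigation.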

diff  --git a/clang/lib/CodeGen/SanitizerMetadata.cpp 
b/clang/lib/CodeGen/SanitizerMetadata.cpp
index 9e26d242d3a7e..009965a36c396 100644
--- a/clang/lib/CodeGen/SanitizerMetadata.cpp
+++ b/clang/lib/CodeGen/SanitizerMetadata.cpp
@@ -73,8 +73,6 @@ void 
SanitizerMetadata::reportGlobalToASan(llvm::GlobalVariable *GV,
   for (auto Attr : D.specific_attrs())
 if (Attr->getMask() & SanitizerKind::Address)
   IsExcluded = true;
-  if (D.hasAttr())
-IsExcluded = true;
   reportGlobalToASan(GV, D.getLocation(), OS.str(), D.getType(), IsDynInit,
  IsExcluded);
 }
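Review bot: dropping the `D.hasAttr()` check means a global carrying the disable_sanitizer_instrumentation attribute is reported to ASan with `IsExcluded` false again, i.e. it gets redzones and instrumentation like any other global; that is consistent with the paragraph removed from AddressSanitizer.rst in the same revert, so no follow-up is needed here beyond re-adding this line together with the doc when the change is relanded.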

diff  --git a/clang/