compiler-rt/lib/ubsan_minimal/ubsan_minimal_handlers.cpp

   1 #include "sanitizer_common/sanitizer_atomic.h"
   2
   3 #include <stdlib.h>
   4 #include <stdint.h>
   5 #include <string.h>
   6 #include <unistd.h>
   7
   8 #ifdef KERNEL_USE
   9 extern "C" void ubsan_message(const char *msg);
  10 static void message(const char *msg) { ubsan_message(msg); }
  11 #else
  12 static void message(const char *msg) {
  13   (void)write(2, msg, strlen(msg));
  14 }
  15 #endif
  16
  17 static const int kMaxCallerPcs = 20;
  18 static __sanitizer::atomic_uintptr_t caller_pcs[kMaxCallerPcs];
  19 // Number of elements in caller_pcs. A special value of kMaxCallerPcs + 1 means
  20 // that "too many errors" has already been reported.
  21 static __sanitizer::atomic_uint32_t caller_pcs_sz;
  22
  23 __attribute__((noinline)) static bool report_this_error(uintptr_t caller) {
  24   if (caller == 0)
  25     return false;
  26   while (true) {
  27     unsigned sz = __sanitizer::atomic_load_relaxed(&caller_pcs_sz);
  28     if (sz > kMaxCallerPcs) return false;  // early exit
  29     // when sz==kMaxCallerPcs print "too many errors", but only when cmpxchg
  30     // succeeds in order to not print it multiple times.
  31     if (sz > 0 && sz < kMaxCallerPcs) {
  32       uintptr_t p;
  33       for (unsigned i = 0; i < sz; ++i) {
  34         p = __sanitizer::atomic_load_relaxed(&caller_pcs[i]);
  35         if (p == 0) break;  // Concurrent update.
  36         if (p == caller) return false;
  37       }
  38       if (p == 0) continue;  // FIXME: yield?
  39     }
  40
  41     if (!__sanitizer::atomic_compare_exchange_strong(
  42             &caller_pcs_sz, &sz, sz + 1, __sanitizer::memory_order_seq_cst))
  43       continue;  // Concurrent update! Try again from the start.
  44
  45     if (sz == kMaxCallerPcs) {
  46       message("ubsan: too many errors\n");
  47       return false;
  48     }
  49     __sanitizer::atomic_store_relaxed(&caller_pcs[sz], caller);
  50     return true;
  51   }
  52 }
  53
  54 __attribute__((noinline)) static void decorate_msg(char *buf,
  55                                                    uintptr_t caller) {
  56   // print the address by nibbles
  57   for (unsigned shift = sizeof(uintptr_t) * 8; shift;) {
  58     shift -= 4;
  59     unsigned nibble = (caller >> shift) & 0xf;
  60     *(buf++) = nibble < 10 ? nibble + '0' : nibble - 10 + 'a';
  61   }
  62   // finish the message
  63   buf[0] = '\n';
  64   buf[1] = '\0';
  65 }
  66
  67 #if defined(__ANDROID__)
  68 extern "C" __attribute__((weak)) void android_set_abort_message(const char *);
  69 static void abort_with_message(const char *msg) {
  70   if (&android_set_abort_message) android_set_abort_message(msg);
  71   abort();
  72 }
  73 #else
  74 static void abort_with_message(const char *) { abort(); }
  75 #endif
  76
  77 #if SANITIZER_DEBUG
  78 namespace __sanitizer {
  79 // The DCHECK macro needs this symbol to be defined.
  80 void NORETURN CheckFailed(const char *file, int, const char *cond, u64, u64) {
  81   message("Sanitizer CHECK failed: ");
  82   message(file);
  83   message(":?? : "); // FIXME: Show line number.
  84   message(cond);
  85   abort();
  86 }
  87 } // namespace __sanitizer
  88 #endif
  89
  90 #define INTERFACE extern "C" __attribute__((visibility("default")))
  91
  92 // How many chars we need to reserve to print an address.
  93 constexpr unsigned kAddrBuf = SANITIZER_WORDSIZE / 4;
  94 #define MSG_TMPL(msg) "ubsan: " msg " by 0x"
  95 #define MSG_TMPL_END(buf, msg) (buf + sizeof(MSG_TMPL(msg)) - 1)
  96 // Reserve an additional byte for '\n'.
  97 #define MSG_BUF_LEN(msg) (sizeof(MSG_TMPL(msg)) + kAddrBuf + 1)
  98
  99 #define HANDLER_RECOVER(name, msg)                               \
 100   INTERFACE void __ubsan_handle_##name##_minimal() {             \
 101     uintptr_t caller = GET_CALLER_PC();                  \
 102     if (!report_this_error(caller)) return;                      \
 103     char msg_buf[MSG_BUF_LEN(msg)] = MSG_TMPL(msg);              \
 104     decorate_msg(MSG_TMPL_END(msg_buf, msg), caller);            \
 105     message(msg_buf);                                            \
 106   }
 107
 108 #define HANDLER_NORECOVER(name, msg)                             \
 109   INTERFACE void __ubsan_handle_##name##_minimal_abort() {       \
 110     char msg_buf[MSG_BUF_LEN(msg)] = MSG_TMPL(msg);              \
 111     decorate_msg(MSG_TMPL_END(msg_buf, msg), GET_CALLER_PC());   \
 112     message(msg_buf);                                            \
 113     abort_with_message(msg_buf);                                 \
 114   }
 115
 116 #define HANDLER(name, msg)                                       \
 117   HANDLER_RECOVER(name, msg)                                     \
 118   HANDLER_NORECOVER(name, msg)
 119
 120 HANDLER(type_mismatch, "type-mismatch")
 121 HANDLER(alignment_assumption, "alignment-assumption")
 122 HANDLER(add_overflow, "add-overflow")
 123 HANDLER(sub_overflow, "sub-overflow")
 124 HANDLER(mul_overflow, "mul-overflow")
 125 HANDLER(negate_overflow, "negate-overflow")
 126 HANDLER(divrem_overflow, "divrem-overflow")
 127 HANDLER(shift_out_of_bounds, "shift-out-of-bounds")
 128 HANDLER(out_of_bounds, "out-of-bounds")
 129 HANDLER_RECOVER(builtin_unreachable, "builtin-unreachable")
 130 HANDLER_RECOVER(missing_return, "missing-return")
 131 HANDLER(vla_bound_not_positive, "vla-bound-not-positive")
 132 HANDLER(float_cast_overflow, "float-cast-overflow")
 133 HANDLER(load_invalid_value, "load-invalid-value")
 134 HANDLER(invalid_builtin, "invalid-builtin")
 135 HANDLER(invalid_objc_cast, "invalid-objc-cast")
 136 HANDLER(function_type_mismatch, "function-type-mismatch")
 137 HANDLER(implicit_conversion, "implicit-conversion")
 138 HANDLER(nonnull_arg, "nonnull-arg")
 139 HANDLER(nonnull_return, "nonnull-return")
 140 HANDLER(nullability_arg, "nullability-arg")
 141 HANDLER(nullability_return, "nullability-return")
 142 HANDLER(pointer_overflow, "pointer-overflow")
 143 HANDLER(cfi_check_fail, "cfi-check-fail")