1 //===-- ubsan_diag.cpp ----------------------------------------------------===//
2 //
3 // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4 // See https://llvm.org/LICENSE.txt for license information.
5 // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6 //
7 //===----------------------------------------------------------------------===//
8 //
9 // Diagnostic reporting for the UBSan runtime.
10 //
11 //===----------------------------------------------------------------------===//
12 
13 #include "ubsan_platform.h"
14 #if CAN_SANITIZE_UB
15 #include "ubsan_diag.h"
16 #include "ubsan_init.h"
17 #include "ubsan_flags.h"
18 #include "ubsan_monitor.h"
19 #include "sanitizer_common/sanitizer_placement_new.h"
20 #include "sanitizer_common/sanitizer_report_decorator.h"
21 #include "sanitizer_common/sanitizer_stacktrace.h"
22 #include "sanitizer_common/sanitizer_stacktrace_printer.h"
23 #include "sanitizer_common/sanitizer_suppressions.h"
24 #include "sanitizer_common/sanitizer_symbolizer.h"
25 #include <stdio.h>
26 
27 using namespace __ubsan;
28 
// UBSan is combined with runtimes that already provide this functionality
// (e.g., ASan) as well as with runtimes that lack it (e.g., scudo). Weak
// linkage was tried as a way to resolve this, but it is not portable and
// breaks on Windows.
// TODO(yln): This is a temporary workaround. GetStackTrace functions will be
// removed in the future.
//
// Unwinds into *stack, starting from pc/bp, for at most max_depth frames.
// The stack limits of the current thread are looked up here and handed to the
// unwinder together with the caller's context pointer.
void ubsan_GetStackTrace(BufferedStackTrace *stack, uptr max_depth, uptr pc,
                         uptr bp, void *context, bool request_fast) {
  uptr stack_top = 0;
  uptr stack_bottom = 0;
  GetThreadStackTopAndBottom(false, &stack_top, &stack_bottom);
  // request_fast is only a request; WillUseFastUnwind has the final say.
  const bool use_fast_unwind = StackTrace::WillUseFastUnwind(request_fast);
  stack->Unwind(max_depth, pc, bp, context, stack_top, stack_bottom,
                use_fast_unwind);
}
43 
// Prints a stack trace starting at pc/bp when the print_stacktrace flag is
// set; does nothing otherwise.
static void MaybePrintStackTrace(uptr pc, uptr bp) {
  // Flags are assumed to be parsed by now: the UBSan runtime will definitely
  // have been called by the time the first diagnostic message is printed.
  if (flags()->print_stacktrace) {
    BufferedStackTrace trace;
    ubsan_GetStackTrace(&trace, kStackTraceMax, pc, bp, nullptr,
                        common_flags()->fast_unwind_on_fatal);
    trace.Print();
  }
}
55 
// Returns the SummaryKind string associated with Type.
//
// The switch body is generated: UBSAN_CHECK is defined to expand to one
// `case ErrorType::Name: return SummaryKind;` and ubsan_checks.inc is then
// included, so (presumably) every check listed there gets its own case.
static const char *ConvertTypeToString(ErrorType Type) {
  switch (Type) {
#define UBSAN_CHECK(Name, SummaryKind, FSanitizeFlagName)                      \
  case ErrorType::Name:                                                        \
    return SummaryKind;
#include "ubsan_checks.inc"
#undef UBSAN_CHECK
  }
  // Only reached when Type matches none of the generated cases.
  UNREACHABLE("unknown ErrorType!");
}
66 
// Returns the FSanitizeFlagName string associated with Type. In this file the
// result is used as the suppression type name (see IsPCSuppressed).
//
// The switch body is generated the same way as in ConvertTypeToString:
// UBSAN_CHECK expands to one `case` per entry pulled in from ubsan_checks.inc.
static const char *ConvertTypeToFlagName(ErrorType Type) {
  switch (Type) {
#define UBSAN_CHECK(Name, SummaryKind, FSanitizeFlagName)                      \
  case ErrorType::Name:                                                        \
    return FSanitizeFlagName;
#include "ubsan_checks.inc"
#undef UBSAN_CHECK
  }
  // Only reached when Type matches none of the generated cases.
  UNREACHABLE("unknown ErrorType!");
}
77 
// Reports an error summary for Loc through ReportErrorSummary when the
// print_summary flag is set. The most specific overload that the location
// allows is used: with address info for a valid source location or a
// symbolized stack, without it for everything else.
static void MaybeReportErrorSummary(Location Loc, ErrorType Type) {
  if (!common_flags()->print_summary)
    return;

  // With report_error_type off, every report is summarised as generic UB.
  const char *Kind = ConvertTypeToString(
      flags()->report_error_type ? Type : ErrorType::GenericUB);

  if (Loc.isSourceLocation()) {
    SourceLocation Src = Loc.getSourceLocation();
    if (!Src.isInvalid()) {
      // ReportErrorSummary wants an AddressInfo, so a temporary one is filled
      // in from the source location. The strings are duplicated here and the
      // structure is cleared again right after the report.
      AddressInfo Info;
      Info.file = internal_strdup(Src.getFilename());
      Info.line = Src.getLine();
      Info.column = Src.getColumn();
      Info.function = internal_strdup("");  // Avoid printing ?? as function name.
      ReportErrorSummary(Kind, Info, GetSanititizerToolName());
      Info.Clear();
      return;
    }
    // An invalid source location falls through to the location-less summary.
  } else if (Loc.isSymbolizedStack()) {
    ReportErrorSummary(Kind, Loc.getSymbolizedStack()->info,
                       GetSanititizerToolName());
    return;
  }

  ReportErrorSummary(Kind, GetSanititizerToolName());
}
103 
namespace {
// Report decorator for UBSan output. It adds two colour accessors on top of
// SanitizerCommonDecorator: one for the highlight row printed under a memory
// snippet and one for "note:" lines.
class Decorator : public SanitizerCommonDecorator {
 public:
  Decorator() : SanitizerCommonDecorator() {}

  // Colour applied to the highlight row of a memory snippet.
  const char *Highlight() const {
    return Green();
  }

  // Colour applied to the "note:" label.
  const char *Note() const {
    return Black();
  }
};
}  // namespace
112 
// Symbolizes PC and returns the resulting stack entry. The runtime is brought
// up in standalone mode first if nothing has initialised it yet, so that the
// symbolizer can be used.
SymbolizedStack *__ubsan::getSymbolizedLocation(uptr PC) {
  InitAsStandaloneIfNecessary();
  auto *Sym = Symbolizer::GetOrInit();
  return Sym->SymbolizePC(PC);
}
117 
// Adds the name of the described type as the next argument of the diagnostic.
Diag &Diag::operator<<(const TypeDescriptor &V) {
  auto Name = V.getTypeName();
  return AddArg(Name);
}
121 
// Adds V as the next argument of the diagnostic, using the signed, unsigned
// or floating-point accessor that matches V's type. A value of any other type
// is recorded as the literal text "<unknown>".
Diag &Diag::operator<<(const Value &V) {
  const auto &Ty = V.getType();
  if (Ty.isSignedIntegerTy()) {
    AddArg(V.getSIntValue());
    return *this;
  }
  if (Ty.isUnsignedIntegerTy()) {
    AddArg(V.getUIntValue());
    return *this;
  }
  if (Ty.isFloatTy()) {
    AddArg(V.getFloatValue());
    return *this;
  }
  AddArg("<unknown>");
  return *this;
}
133 
/// Hexadecimal printing for numbers too large for Printf to handle directly.
///
/// With 128-bit integer support, Val is appended to Buffer as "0x" followed
/// by four zero-padded 8-digit groups, most significant group first. Without
/// it, calling this function is treated as unreachable.
static void RenderHex(InternalScopedString *Buffer, UIntMax Val) {
#if HAVE_INT128_T
  // Cut the value into four words; each cast keeps the low bits of the shift.
  const unsigned int Word3 = (unsigned int)(Val >> 96);
  const unsigned int Word2 = (unsigned int)(Val >> 64);
  const unsigned int Word1 = (unsigned int)(Val >> 32);
  const unsigned int Word0 = (unsigned int)(Val);
  Buffer->append("0x%08x%08x%08x%08x", Word3, Word2, Word1, Word0);
#else
  UNREACHABLE("long long smaller than 64 bits?");
#endif
}
144 
// Appends a textual form of Loc to Buffer:
//   - source location:  file/line/column, or "<unknown>" when invalid;
//   - memory location:  the address, printed with %p;
//   - symbolized stack: file/line/column if a file is known, else module and
//                       offset if a module is known, else the raw address;
//   - null location:    "<unknown>".
// Paths are rendered with the strip_path_prefix and symbolize_vs_style
// settings from the common flags.
static void RenderLocation(InternalScopedString *Buffer, Location Loc) {
  switch (Loc.getKind()) {
  case Location::LK_Null:
    Buffer->append("<unknown>");
    break;

  case Location::LK_Memory:
    Buffer->append("%p", reinterpret_cast<void *>(Loc.getMemoryLocation()));
    break;

  case Location::LK_Source: {
    SourceLocation Src = Loc.getSourceLocation();
    if (!Src.isInvalid()) {
      RenderSourceLocation(Buffer, Src.getFilename(), Src.getLine(),
                           Src.getColumn(), common_flags()->symbolize_vs_style,
                           common_flags()->strip_path_prefix);
    } else {
      Buffer->append("<unknown>");
    }
    break;
  }

  case Location::LK_Symbolized: {
    const AddressInfo &Frame = Loc.getSymbolizedStack()->info;
    if (Frame.file) {
      RenderSourceLocation(Buffer, Frame.file, Frame.line, Frame.column,
                           common_flags()->symbolize_vs_style,
                           common_flags()->strip_path_prefix);
      break;
    }
    if (Frame.module) {
      RenderModuleLocation(Buffer, Frame.module, Frame.module_offset,
                           Frame.module_arch,
                           common_flags()->strip_path_prefix);
      break;
    }
    // Neither file nor module is known: fall back to the bare address.
    Buffer->append("%p", reinterpret_cast<void *>(Frame.address));
    break;
  }
  }
}
178 
// Expands Message into Buffer. A '%' followed by a digit N is replaced by
// Args[N], formatted according to that argument's kind; every other character
// is copied through unchanged.
//
// NOTE(review): the character after '%' is turned into an array index without
// any check. A '%' at the very end of Message, or one followed by a non-digit,
// indexes outside Args, and the number of valid arguments is not passed in.
// This is sound only while every Message is a trusted format string whose
// placeholders match the arguments supplied - presumably true for the
// callers, but not verifiable from this function. Text that originates outside
// the runtime must be passed as an argument, never as Message.
static void RenderText(InternalScopedString *Buffer, const char *Message,
                       const Diag::Arg *Args) {
  const char *Cursor = Message;
  while (*Cursor) {
    const char Ch = *Cursor++;
    if (Ch != '%') {
      Buffer->append("%c", Ch);
      continue;
    }

    // The character after '%' selects the argument; step over it as well.
    const Diag::Arg &A = Args[*Cursor++ - '0'];
    switch (A.Kind) {
    case Diag::AK_String:
      Buffer->append("%s", A.String);
      break;

    case Diag::AK_TypeName: {
      // The Windows implementation demangles names early, so the stored
      // string is printed as is there; elsewhere it is demangled now.
      const char *Name = SANITIZER_WINDOWS
                             ? A.String
                             : Symbolizer::GetOrInit()->Demangle(A.String);
      Buffer->append("'%s'", Name);
      break;
    }

    case Diag::AK_SInt:
      // 'long long' is guaranteed to be at least 64 bits wide, so anything
      // outside the 64-bit range has to go through the hex fallback.
      if (A.SInt < INT64_MIN || A.SInt > INT64_MAX)
        RenderHex(Buffer, A.SInt);
      else
        Buffer->append("%lld", (long long)A.SInt);
      break;

    case Diag::AK_UInt:
      if (A.UInt > UINT64_MAX)
        RenderHex(Buffer, A.UInt);
      else
        Buffer->append("%llu", (unsigned long long)A.UInt);
      break;

    case Diag::AK_Float: {
      // FIXME: Support floating-point formatting in sanitizer_common's
      //        printf, and stop using snprintf here.
      // Both variants below are bounded by the size of the local buffer.
      char Formatted[32];
#if SANITIZER_WINDOWS
      sprintf_s(Formatted, sizeof(Formatted), "%Lg", (long double)A.Float);
#else
      snprintf(Formatted, sizeof(Formatted), "%Lg", (long double)A.Float);
#endif
      Buffer->append("%s", Formatted);
      break;
    }

    case Diag::AK_Pointer:
      Buffer->append("%p", A.Pointer);
      break;
    }
  }
}
230 
/// Find the earliest-starting range in Ranges which ends after Loc.
///
/// Returns a pointer into Ranges, or null when no range ends after Loc (which
/// includes the case NumRanges == 0). Among ranges with the same start, the
/// one that comes first in the array wins.
static Range *upperBound(MemoryLocation Loc, Range *Ranges,
                         unsigned NumRanges) {
  Range *Earliest = nullptr;
  for (Range *R = Ranges, *End = Ranges + NumRanges; R != End; ++R) {
    // Ranges that end at or before Loc are of no interest.
    if (R->getEnd().getMemoryLocation() <= Loc)
      continue;
    // Keep the current candidate unless this range starts strictly earlier.
    if (Earliest && Earliest->getStart().getMemoryLocation() <=
                        R->getStart().getMemoryLocation())
      continue;
    Earliest = R;
  }
  return Earliest;
}
243 
// Saturating subtraction: returns LHS - RHS, or 0 where the subtraction would
// wrap around below zero.
static inline uptr subtractNoOverflow(uptr LHS, uptr RHS) {
  if (LHS < RHS)
    return 0;
  return LHS - RHS;
}
247 
// Saturating addition: returns LHS + RHS, or the largest uptr value where the
// addition would wrap around.
static inline uptr addNoOverflow(uptr LHS, uptr RHS) {
  const uptr Largest = (uptr)-1;
  // Room left above RHS; the sum fits exactly when LHS does not exceed it.
  const uptr Headroom = Largest - RHS;
  if (LHS > Headroom)
    return Largest;
  return LHS + RHS;
}
252 
/// Render a snippet of the address space near a location.
///
/// Output is up to three lines: the bytes of a window around Loc in hex, a
/// highlight row that marks Loc with '^' and the bytes covered by Ranges with
/// '~', and the text of the first range that starts inside the window.
/// If the window is not reported as accessible, a single placeholder line is
/// printed instead and no memory is read.
///
/// Review note: the hex row is raw process memory from the neighbourhood of
/// Loc. Wherever UBSan reports end up (shared logs, bug trackers), whatever
/// data sits next to the faulting object ends up there as well.
static void PrintMemorySnippet(const Decorator &Decor, MemoryLocation Loc,
                               Range *Ranges, unsigned NumRanges,
                               const Diag::Arg *Args) {
  // Show at least the 8 bytes surrounding Loc.
  // Both ends saturate, so a Loc near address 0 or near the top of the
  // address space cannot wrap the window around.
  const unsigned MinBytesNearLoc = 4;
  MemoryLocation Min = subtractNoOverflow(Loc, MinBytesNearLoc);
  MemoryLocation Max = addNoOverflow(Loc, MinBytesNearLoc);
  MemoryLocation OrigMin = Min;
  // Widen the window so that it covers every range to be highlighted.
  for (unsigned I = 0; I < NumRanges; ++I) {
    Min = __sanitizer::Min(Ranges[I].getStart().getMemoryLocation(), Min);
    Max = __sanitizer::Max(Ranges[I].getEnd().getMemoryLocation(), Max);
  }

  // If we have too many interesting bytes, prefer to show bytes after Loc.
  // Either way the window is then fixed at BytesToShow bytes starting at Min
  // (fewer only if the saturating add clamps Max at the top of the address
  // space).
  const unsigned BytesToShow = 32;
  if (Max - Min > BytesToShow)
    Min = __sanitizer::Min(Max - BytesToShow, OrigMin);
  Max = addNoOverflow(Min, BytesToShow);

  // The window is dereferenced byte by byte below, so it is checked first.
  // NOTE(review): the check and the reads are separate steps; whether the
  // mapping can change in between is not visible from this file.
  if (!IsAccessibleMemoryRange(Min, Max - Min)) {
    Printf("<memory cannot be printed>\n");
    return;
  }

  // Emit data.
  // Each byte takes three columns (" xx"); an extra space precedes every
  // address that is a multiple of 8.
  InternalScopedString Buffer;
  for (uptr P = Min; P != Max; ++P) {
    unsigned char C = *reinterpret_cast<const unsigned char*>(P);
    Buffer.append("%s%02x", (P % 8 == 0) ? "  " : " ", C);
  }
  Buffer.append("\n");

  // Emit highlights.
  // The row uses the same column layout as the data row. Pad fills the
  // separator column(s) in front of a byte, Byte fills the two digit columns;
  // both are '~' inside a range, and the first digit column of Loc is '^'.
  Buffer.append("%s", Decor.Highlight());
  Range *InRange = upperBound(Min, Ranges, NumRanges);
  for (uptr P = Min; P != Max; ++P) {
    char Pad = ' ', Byte = ' ';
    // Reached the end of the current range: move on to the next one.
    if (InRange && InRange->getEnd().getMemoryLocation() == P)
      InRange = upperBound(P, Ranges, NumRanges);
    // Nothing left to mark once Loc is behind us and no range remains.
    if (!InRange && P > Loc)
      break;
    // The separator is only filled when the range started before this byte,
    // so the marking does not extend to the left of the range's first byte.
    if (InRange && InRange->getStart().getMemoryLocation() < P)
      Pad = '~';
    if (InRange && InRange->getStart().getMemoryLocation() <= P)
      Byte = '~';
    if (P % 8 == 0)
      Buffer.append("%c", Pad);
    Buffer.append("%c", Pad);
    Buffer.append("%c", P == Loc ? '^' : Byte);
    Buffer.append("%c", Byte);
  }
  Buffer.append("%s\n", Decor.Default());

  // Go over the line again, and print names for the ranges.
  // Spaces counts the columns to skip so that the text starts under the first
  // byte of its range.
  InRange = 0;
  unsigned Spaces = 0;
  for (uptr P = Min; P != Max; ++P) {
    if (!InRange || InRange->getEnd().getMemoryLocation() == P)
      InRange = upperBound(P, Ranges, NumRanges);
    if (!InRange)
      break;

    // Separator column(s) in front of this byte.
    Spaces += (P % 8) == 0 ? 2 : 1;

    if (InRange && InRange->getStart().getMemoryLocation() == P) {
      while (Spaces--)
        Buffer.append(" ");
      RenderText(&Buffer, InRange->getText(), Args);
      Buffer.append("\n");
      // FIXME: We only support naming one range for now!
      break;
    }

    // The two digit columns of this byte.
    Spaces += 2;
  }

  Printf("%s", Buffer.data());
  // FIXME: Print names for anything we can identify within the line:
  //
  //  * If we can identify the memory itself as belonging to a particular
  //    global, stack variable, or dynamic allocation, then do so.
  //
  //  * If we have a pointer-size, pointer-aligned range highlighted,
  //    determine whether the value of that range is a pointer to an
  //    entity which we can name, and if so, print that name.
  //
  // This needs an external symbolizer, or (preferably) ASan instrumentation.
}
342 
// Emits the diagnostic. All output happens here, in the destructor, after the
// message arguments have been collected on the Diag object.
//
// The printed line has the form "<location>: runtime error: <message>" or
// "<location>: note: <message>", with colour sequences from Decorator in
// between. For a memory location a memory snippet follows.
Diag::~Diag() {
  // All diagnostics should be printed under report mutex.
  ScopedReport::CheckLocked();
  Decorator Decor;
  InternalScopedString Buffer;

  // Prepare a report that a monitor process can inspect.
  // Only the plain message text is rendered for it, without location prefix
  // or colour sequences. UBR is never used afterwards, so it is constructed
  // for the effect of its constructor alone; what that does with the data is
  // defined in ubsan_monitor.h and not visible here. The buffer is reused for
  // the printed report, hence the clear().
  if (Level == DL_Error) {
    RenderText(&Buffer, Message, Args);
    UndefinedBehaviorReport UBR{ConvertTypeToString(ET), Loc, Buffer};
    Buffer.clear();
  }

  Buffer.append("%s", Decor.Bold());
  RenderLocation(&Buffer, Loc);
  Buffer.append(":");

  switch (Level) {
  case DL_Error:
    Buffer.append("%s runtime error: %s%s", Decor.Warning(), Decor.Default(),
                  Decor.Bold());
    break;

  case DL_Note:
    Buffer.append("%s note: %s", Decor.Note(), Decor.Default());
    break;
  }

  RenderText(&Buffer, Message, Args);

  Buffer.append("%s\n", Decor.Default());
  // Printed through a fixed "%s" format, so '%' characters in the rendered
  // text are not interpreted a second time.
  Printf("%s", Buffer.data());

  if (Loc.isMemoryLocation())
    PrintMemorySnippet(Decor, Loc.getMemoryLocation(), Ranges, NumRanges, Args);
}
379 
// Constructing an Initializer runs InitAsStandaloneIfNecessary(), i.e. brings
// the runtime up in standalone mode if nothing else has initialised it.
ScopedReport::Initializer::Initializer() {
  InitAsStandaloneIfNecessary();
}
381 
// Stores the report options, the location to summarise and the error type.
// Nothing is printed here; the stored values are used by ~ScopedReport() for
// the stack trace and the error summary.
ScopedReport::ScopedReport(ReportOptions Opts, Location SummaryLoc,
                           ErrorType Type)
    : Opts(Opts), SummaryLoc(SummaryLoc), Type(Type) {}
385 
// Finishes a report: optional stack trace, optional error summary, optional
// process map, and finally termination of the process if halt_on_error is set.
ScopedReport::~ScopedReport() {
  MaybePrintStackTrace(Opts.pc, Opts.bp);
  MaybeReportErrorSummary(SummaryLoc, Type);

  const bool WantModuleMap = common_flags()->print_module_map >= 2;
  if (WantModuleMap) {
    DumpProcessMap();
  }

  // With halt_on_error unset this destructor simply returns, so the program
  // keeps running past the undefined behaviour that was just reported. Builds
  // that rely on UBSan as a hardening measure should take that into account.
  const bool Fatal = flags()->halt_on_error;
  if (Fatal) {
    Die();
  }
}
396 
// Raw, 64-byte-aligned storage in which InitializeSuppressions() constructs
// the SuppressionContext with placement new.
ALIGNED(64) static char suppression_placeholder[sizeof(SuppressionContext)];
// Null until InitializeSuppressions() has run; the query functions below
// CHECK that it is set before using it.
static SuppressionContext *suppression_ctx = nullptr;
// Suppression type used by IsVptrCheckSuppressed(), matched against type names.
static const char kVptrCheck[] = "vptr_check";
// Every suppression type the context is created with: the FSanitizeFlagName of
// each UBSAN_CHECK entry pulled in from ubsan_checks.inc, followed by
// kVptrCheck.
static const char *kSuppressionTypes[] = {
#define UBSAN_CHECK(Name, SummaryKind, FSanitizeFlagName) FSanitizeFlagName,
#include "ubsan_checks.inc"
#undef UBSAN_CHECK
    kVptrCheck,
};
406 
// Creates the global suppression context and loads the suppressions file named
// by the `suppressions` flag. Must run at most once: a second call trips the
// CHECK below.
//
// Review note: the file loaded here decides which reports are silenced, and its
// path comes straight from the runtime flags. Where those flags are populated
// is not visible in this file; whoever can set them can switch checks off, so
// treat that input as part of the trust boundary.
void __ubsan::InitializeSuppressions() {
  CHECK_EQ(nullptr, suppression_ctx);
  // Construct in the preallocated static buffer rather than on the heap.
  void *Storage = suppression_placeholder;
  suppression_ctx = new (Storage)
      SuppressionContext(kSuppressionTypes, ARRAY_SIZE(kSuppressionTypes));
  const char *SuppressionsPath = flags()->suppressions;
  suppression_ctx->ParseFromFile(SuppressionsPath);
}
413 
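// Returns true if a "vptr_check" suppression matches TypeName.
//
// The runtime is initialised in standalone mode first if necessary; the
// suppression context must exist by then, otherwise the CHECK fails.
bool __ubsan::IsVptrCheckSuppressed(const char *TypeName) {
  InitAsStandaloneIfNecessary();
  CHECK(suppression_ctx);
  // Out-parameter required by Match(); the matched entry itself is not used.
  // Initialised so that it never holds an indeterminate value, in line with
  // IsPCSuppressed().
  Suppression *s = nullptr;
  return suppression_ctx->Match(TypeName, kVptrCheck, &s);
}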
420 
// Returns true if a suppression for error type ET applies to the code at PC.
//
// Candidates are tried from cheapest to most expensive: the file name the
// runtime already knows, the module that contains PC, and finally the function
// and source file obtained by symbolizing PC.
bool __ubsan::IsPCSuppressed(ErrorType ET, uptr PC, const char *Filename) {
  InitAsStandaloneIfNecessary();
  CHECK(suppression_ctx);
  const char *FlagName = ConvertTypeToFlagName(ET);

  // Fast path: don't symbolize PC if there are no suppressions for the given
  // UB type.
  if (!suppression_ctx->HasSuppressionType(FlagName))
    return false;

  // Out-parameter required by Match(); the matched entry itself is not used.
  Suppression *Matched = nullptr;

  // Suppress by file name known to runtime.
  if (Filename && suppression_ctx->Match(Filename, FlagName, &Matched))
    return true;

  // Suppress by module name.
  const char *Module = Symbolizer::GetOrInit()->GetModuleNameForPc(PC);
  if (Module && suppression_ctx->Match(Module, FlagName, &Matched))
    return true;

  // Suppress by function or source file name from debug info.
  // NOTE(review): the symbolized entry is dereferenced without a null check;
  // this relies on SymbolizePC always returning an entry - confirm.
  SymbolizedStackHolder Frames(Symbolizer::GetOrInit()->SymbolizePC(PC));
  const AddressInfo &Info = Frames.get()->info;
  if (suppression_ctx->Match(Info.function, FlagName, &Matched))
    return true;
  return suppression_ctx->Match(Info.file, FlagName, &Matched);
}
444 
445 #endif  // CAN_SANITIZE_UB
446