1 //===-- ubsan_diag.cpp ----------------------------------------------------===//
2 //
3 // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4 // See https://llvm.org/LICENSE.txt for license information.
5 // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6 //
7 //===----------------------------------------------------------------------===//
8 //
9 // Diagnostic reporting for the UBSan runtime.
10 //
11 //===----------------------------------------------------------------------===//
12 
13 #include "ubsan_platform.h"
14 #if CAN_SANITIZE_UB
15 #include "ubsan_diag.h"
16 #include "ubsan_init.h"
17 #include "ubsan_flags.h"
18 #include "ubsan_monitor.h"
19 #include "sanitizer_common/sanitizer_placement_new.h"
20 #include "sanitizer_common/sanitizer_report_decorator.h"
21 #include "sanitizer_common/sanitizer_stacktrace.h"
22 #include "sanitizer_common/sanitizer_stacktrace_printer.h"
23 #include "sanitizer_common/sanitizer_suppressions.h"
24 #include "sanitizer_common/sanitizer_symbolizer.h"
25 #include <stdio.h>
26 
27 using namespace __ubsan;
28 
29 // UBSan is combined with runtimes that already provide this functionality
30 // (e.g., ASan) as well as runtimes that lack it (e.g., scudo). Tried to use
31 // weak linkage to resolve this issue which is not portable and breaks on
32 // Windows.
33 // TODO(yln): This is a temporary workaround. GetStackTrace functions will be
34 // removed in the future.
// Fills `stack` with an unwind starting at pc/bp, bounded by the current
// thread's stack limits. `request_fast` is only a request: the unwinder
// choice is made by StackTrace::WillUseFastUnwind.
void ubsan_GetStackTrace(BufferedStackTrace *stack, uptr max_depth, uptr pc,
                         uptr bp, void *context, bool request_fast) {
  uptr stack_top = 0, stack_bottom = 0;
  GetThreadStackTopAndBottom(/*at_initialization=*/false, &stack_top,
                             &stack_bottom);
  const bool use_fast_unwind = StackTrace::WillUseFastUnwind(request_fast);
  stack->Unwind(max_depth, pc, bp, context, stack_top, stack_bottom,
                use_fast_unwind);
}
43 
// Prints a stack trace for the report when the print_stacktrace flag is set;
// otherwise does nothing.
static void MaybePrintStackTrace(uptr pc, uptr bp) {
  // Flags are assumed to be parsed already: the UBSan runtime is always
  // entered before the first diagnostic message is printed.
  if (flags()->print_stacktrace) {
    BufferedStackTrace trace;
    ubsan_GetStackTrace(&trace, kStackTraceMax, pc, bp, /*context=*/nullptr,
                        common_flags()->fast_unwind_on_fatal);
    trace.Print();
  }
}
55 
// Maps an ErrorType to the SummaryKind string of its UBSAN_CHECK entry.
// The switch cases are generated from ubsan_checks.inc, one per check, so the
// mapping stays in step with that list.
static const char *ConvertTypeToString(ErrorType Type) {
  switch (Type) {
// Each UBSAN_CHECK(Name, SummaryKind, FSanitizeFlagName) line of the .inc file
// expands to "case ErrorType::Name: return SummaryKind;".
#define UBSAN_CHECK(Name, SummaryKind, FSanitizeFlagName)                      \
  case ErrorType::Name:                                                        \
    return SummaryKind;
#include "ubsan_checks.inc"
#undef UBSAN_CHECK
  }
  // Reached only for a value that matches none of the generated cases.
  UNREACHABLE("unknown ErrorType!");
}
66 
// Maps an ErrorType to the FSanitizeFlagName string of its UBSAN_CHECK entry.
// IsPCSuppressed uses the result as the suppression type to look up.
static const char *ConvertTypeToFlagName(ErrorType Type) {
  switch (Type) {
// Each UBSAN_CHECK(Name, SummaryKind, FSanitizeFlagName) line of the .inc file
// expands to "case ErrorType::Name: return FSanitizeFlagName;".
#define UBSAN_CHECK(Name, SummaryKind, FSanitizeFlagName)                      \
  case ErrorType::Name:                                                        \
    return FSanitizeFlagName;
#include "ubsan_checks.inc"
#undef UBSAN_CHECK
  }
  // Reached only for a value that matches none of the generated cases.
  UNREACHABLE("unknown ErrorType!");
}
77 
// Emits the one-line error summary for a report, if print_summary is set.
// The summary carries file/line/column when Loc is a valid source location,
// the symbolized frame when Loc is a symbolized stack, and only the error
// kind otherwise.
static void MaybeReportErrorSummary(Location Loc, ErrorType Type) {
  if (!common_flags()->print_summary)
    return;

  // With report_error_type off, every summary uses the generic kind.
  const ErrorType Reported =
      flags()->report_error_type ? Type : ErrorType::GenericUB;
  const char *ErrorKind = ConvertTypeToString(Reported);

  if (Loc.isSourceLocation()) {
    SourceLocation Source = Loc.getSourceLocation();
    if (Source.isInvalid()) {
      // No usable position: summary without location details.
      ReportErrorSummary(ErrorKind, GetSanititizerToolName());
      return;
    }
    // Build a temporary AddressInfo; its strings are duplicated here and
    // released again by Clear() once the summary has been written.
    AddressInfo Summary;
    Summary.file = internal_strdup(SLocFilenameOrSame(Source));
    Summary.line = Source.getLine();
    Summary.column = Source.getColumn();
    // Empty function name avoids printing ?? in the summary.
    Summary.function = internal_strdup("");
    ReportErrorSummary(ErrorKind, Summary, GetSanititizerToolName());
    Summary.Clear();
    return;
  }

  if (Loc.isSymbolizedStack()) {
    ReportErrorSummary(ErrorKind, Loc.getSymbolizedStack()->info,
                       GetSanititizerToolName());
    return;
  }

  ReportErrorSummary(ErrorKind, GetSanititizerToolName());
}
103 
namespace {
// Report colors used by this file, layered on SanitizerCommonDecorator.
class Decorator : public SanitizerCommonDecorator {
 public:
  Decorator() : SanitizerCommonDecorator() {}
  // Color of the highlight row printed under a memory snippet.
  const char *Highlight() const { return Green(); }
  // Color of the "note:" label of a DL_Note diagnostic.
  const char *Note() const { return Black(); }
};
}
112 
// Symbolizes PC, initializing the runtime in standalone mode first if that
// has not happened yet.
SymbolizedStack *__ubsan::getSymbolizedLocation(uptr PC) {
  InitAsStandaloneIfNecessary();
  Symbolizer *Sym = Symbolizer::GetOrInit();
  return Sym->SymbolizePC(PC);
}
117 
// Adds the type's name as the next diagnostic argument.
Diag &Diag::operator<<(const TypeDescriptor &V) {
  auto Name = V.getTypeName();
  return AddArg(Name);
}
121 
// Adds a runtime value as the next diagnostic argument, choosing the
// representation from the value's type. Types that are neither integer nor
// floating point are rendered as the literal "<unknown>".
Diag &Diag::operator<<(const Value &V) {
  const TypeDescriptor &Ty = V.getType();
  if (Ty.isSignedIntegerTy()) {
    AddArg(V.getSIntValue());
    return *this;
  }
  if (Ty.isUnsignedIntegerTy()) {
    AddArg(V.getUIntValue());
    return *this;
  }
  if (Ty.isFloatTy()) {
    AddArg(V.getFloatValue());
    return *this;
  }
  AddArg("<unknown>");
  return *this;
}
133 
134 /// Hexadecimal printing for numbers too large for Printf to handle directly.
static void RenderHex(InternalScopedString *Buffer, UIntMax Val) {
#if HAVE_INT128_T
  // Print the value as four 32-bit chunks, most significant first, each
  // zero-padded to eight hex digits.
  Buffer->append("0x%08x%08x%08x%08x", (unsigned int)(Val >> 96),
                 (unsigned int)(Val >> 64), (unsigned int)(Val >> 32),
                 (unsigned int)(Val));
#else
  // Without a 128-bit integer type the callers' range checks always pick the
  // direct Printf path, so arriving here is treated as a fatal error.
  UNREACHABLE("long long smaller than 64 bits?");
#endif
}
144 
// Appends a printable form of Loc to Buffer: "file:line:col" style text for
// source and symbolized locations, a module location when only the module is
// known, a raw pointer value otherwise, and "<unknown>" when nothing is known.
static void RenderLocation(InternalScopedString *Buffer, Location Loc) {
  switch (Loc.getKind()) {
  case Location::LK_Null:
    Buffer->append("<unknown>");
    return;
  case Location::LK_Memory:
    // The address is written to the report as-is.
    Buffer->append("%p", reinterpret_cast<void *>(Loc.getMemoryLocation()));
    return;
  case Location::LK_Source: {
    SourceLocation Source = Loc.getSourceLocation();
    if (!Source.isInvalid()) {
      RenderSourceLocation(Buffer, Source.getFilename(), Source.getLine(),
                           Source.getColumn(),
                           common_flags()->symbolize_vs_style,
                           common_flags()->strip_path_prefix);
      return;
    }
    Buffer->append("<unknown>");
    return;
  }
  case Location::LK_Symbolized: {
    const AddressInfo &Frame = Loc.getSymbolizedStack()->info;
    // Prefer source position, then module + offset, then the bare address.
    if (Frame.file) {
      RenderSourceLocation(Buffer, Frame.file, Frame.line, Frame.column,
                           common_flags()->symbolize_vs_style,
                           common_flags()->strip_path_prefix);
      return;
    }
    if (Frame.module) {
      RenderModuleLocation(Buffer, Frame.module, Frame.module_offset,
                           Frame.module_arch,
                           common_flags()->strip_path_prefix);
      return;
    }
    Buffer->append("%p", reinterpret_cast<void *>(Frame.address));
    return;
  }
  }
}
178 
// Expands Message into Buffer. Every character is copied through unchanged
// except '%', which consumes the following character as the index of the
// entry in Args to render in its place.
//
// Argument text is always passed as data to a fixed format ("%s", "%lld",
// ...); it is never used as a format string itself.
static void RenderText(InternalScopedString *Buffer, const char *Message,
                       const Diag::Arg *Args) {
  for (const char *Msg = Message; *Msg; ++Msg) {
    if (*Msg != '%') {
      Buffer->append("%c", *Msg);
      continue;
    }
    // The character after '%' is turned into an index by subtracting '0',
    // with no range check against the number of arguments.
    // NOTE(review): this relies on every Message being a well-formed
    // "%<digit>" template whose digits all refer to arguments that were
    // added, and on Message never ending in a bare '%' (the loop would then
    // step past the terminator) -- confirm at the call sites.
    const Diag::Arg &A = Args[*++Msg - '0'];
    switch (A.Kind) {
    case Diag::AK_String:
      Buffer->append("%s", A.String);
      break;
    case Diag::AK_TypeName: {
      if (SANITIZER_WINDOWS)
        // The Windows implementation demangles names early.
        Buffer->append("'%s'", A.String);
      else
        Buffer->append("'%s'", Symbolizer::GetOrInit()->Demangle(A.String));
      break;
    }
    case Diag::AK_SInt:
      // 'long long' is guaranteed to be at least 64 bits wide.
      // Values that fit in 64 bits go through the normal decimal path;
      // anything wider is printed in hex by RenderHex.
      if (A.SInt >= INT64_MIN && A.SInt <= INT64_MAX)
        Buffer->append("%lld", (long long)A.SInt);
      else
        RenderHex(Buffer, A.SInt);
      break;
    case Diag::AK_UInt:
      // Same split as for signed values: decimal up to UINT64_MAX, hex above.
      if (A.UInt <= UINT64_MAX)
        Buffer->append("%llu", (unsigned long long)A.UInt);
      else
        RenderHex(Buffer, A.UInt);
      break;
    case Diag::AK_Float: {
      // FIXME: Support floating-point formatting in sanitizer_common's
      //        printf, and stop using snprintf here.
      // Both formatting calls below are bounded by sizeof(FloatBuffer).
      char FloatBuffer[32];
#if SANITIZER_WINDOWS
      // On MSVC platforms, long doubles are equal to regular doubles.
      // In MinGW environments on x86, long doubles are 80 bit, but here,
      // we're calling an MS CRT provided printf function which considers
      // long doubles to be 64 bit. Just cast the float value to a regular
      // double to avoid the potential ambiguity in MinGW mode.
      sprintf_s(FloatBuffer, sizeof(FloatBuffer), "%g", (double)A.Float);
#else
      snprintf(FloatBuffer, sizeof(FloatBuffer), "%Lg", (long double)A.Float);
#endif
      Buffer->append("%s", FloatBuffer);
      break;
    }
    case Diag::AK_Pointer:
      // The pointer value is written to the report as-is.
      Buffer->append("%p", A.Pointer);
      break;
    }
  }
}
235 
236 /// Find the earliest-starting range in Ranges which ends after Loc.
/// Returns null when no range ends after Loc. Among ranges with the same
/// start, the one that comes first in Ranges is kept.
static Range *upperBound(MemoryLocation Loc, Range *Ranges,
                         unsigned NumRanges) {
  Range *Earliest = nullptr;
  for (Range *R = Ranges, *Last = Ranges + NumRanges; R != Last; ++R) {
    // Skip ranges that end at or before Loc.
    if (R->getEnd().getMemoryLocation() <= Loc)
      continue;
    // Skip ranges that do not start strictly before the current candidate.
    if (Earliest && Earliest->getStart().getMemoryLocation() <=
                        R->getStart().getMemoryLocation())
      continue;
    Earliest = R;
  }
  return Earliest;
}
248 
// Saturating subtraction: LHS - RHS, clamped to 0 instead of wrapping around.
static inline uptr subtractNoOverflow(uptr LHS, uptr RHS) {
  if (LHS < RHS)
    return 0;
  return LHS - RHS;
}
252 
// Saturating addition: LHS + RHS, clamped to the largest uptr value instead
// of wrapping around.
static inline uptr addNoOverflow(uptr LHS, uptr RHS) {
  const uptr Limit = ~static_cast<uptr>(0);
  const uptr Headroom = Limit - LHS;
  if (RHS > Headroom)
    return Limit;
  return LHS + RHS;
}
257 
258 /// Render a snippet of the address space near a location.
/// Output is three lines: the raw bytes of a window of at most BytesToShow
/// bytes, a highlight row marking Loc ('^') and the ranges ('~'), and the text
/// of the first range whose start lies in the window. No byte is read unless
/// IsAccessibleMemoryRange accepts the whole window.
static void PrintMemorySnippet(const Decorator &Decor, MemoryLocation Loc,
                               Range *Ranges, unsigned NumRanges,
                               const Diag::Arg *Args) {
  // Show at least the 8 bytes surrounding Loc.
  // Both bounds saturate instead of wrapping at the ends of the address space.
  const unsigned MinBytesNearLoc = 4;
  MemoryLocation Min = subtractNoOverflow(Loc, MinBytesNearLoc);
  MemoryLocation Max = addNoOverflow(Loc, MinBytesNearLoc);
  MemoryLocation OrigMin = Min;
  // Widen the window so that it covers every highlighted range.
  for (unsigned I = 0; I < NumRanges; ++I) {
    Min = __sanitizer::Min(Ranges[I].getStart().getMemoryLocation(), Min);
    Max = __sanitizer::Max(Ranges[I].getEnd().getMemoryLocation(), Max);
  }

  // If we have too many interesting bytes, prefer to show bytes after Loc.
  // Max is then recomputed from Min in every case, so the window is
  // BytesToShow long unless the addition saturates.
  const unsigned BytesToShow = 32;
  if (Max - Min > BytesToShow)
    Min = __sanitizer::Min(Max - BytesToShow, OrigMin);
  Max = addNoOverflow(Min, BytesToShow);

  // Gate for the raw reads below: Loc may be the very address that triggered
  // the report, so the window is probed before any byte is dereferenced.
  if (!IsAccessibleMemoryRange(Min, Max - Min)) {
    Printf("<memory cannot be printed>\n");
    return;
  }

  // Emit data.
  // The bytes are copied verbatim from process memory into the report, so the
  // report output can carry whatever data happens to sit next to Loc.
  InternalScopedString Buffer;
  for (uptr P = Min; P != Max; ++P) {
    unsigned char C = *reinterpret_cast<const unsigned char*>(P);
    // Two spaces before every 8-byte-aligned address, one before the others.
    Buffer.append("%s%02x", (P % 8 == 0) ? "  " : " ", C);
  }
  Buffer.append("\n");

  // Emit highlights.
  Buffer.append("%s", Decor.Highlight());
  Range *InRange = upperBound(Min, Ranges, NumRanges);
  for (uptr P = Min; P != Max; ++P) {
    char Pad = ' ', Byte = ' ';
    // Move on to the next range once the current one has ended at P.
    if (InRange && InRange->getEnd().getMemoryLocation() == P)
      InRange = upperBound(P, Ranges, NumRanges);
    // Nothing is left to mark once the ranges and Loc are both behind P.
    if (!InRange && P > Loc)
      break;
    // Pad joins the markers of consecutive bytes of one range; Byte marks
    // the byte itself.
    if (InRange && InRange->getStart().getMemoryLocation() < P)
      Pad = '~';
    if (InRange && InRange->getStart().getMemoryLocation() <= P)
      Byte = '~';
    // Same column layout as the data row above.
    if (P % 8 == 0)
      Buffer.append("%c", Pad);
    Buffer.append("%c", Pad);
    Buffer.append("%c", P == Loc ? '^' : Byte);
    Buffer.append("%c", Byte);
  }
  Buffer.append("%s\n", Decor.Default());

  // Go over the line again, and print names for the ranges.
  InRange = 0;
  // Spaces counts the columns needed to line the name up with its range.
  unsigned Spaces = 0;
  for (uptr P = Min; P != Max; ++P) {
    if (!InRange || InRange->getEnd().getMemoryLocation() == P)
      InRange = upperBound(P, Ranges, NumRanges);
    if (!InRange)
      break;

    Spaces += (P % 8) == 0 ? 2 : 1;

    if (InRange && InRange->getStart().getMemoryLocation() == P) {
      while (Spaces--)
        Buffer.append(" ");
      RenderText(&Buffer, InRange->getText(), Args);
      Buffer.append("\n");
      // FIXME: We only support naming one range for now!
      break;
    }

    Spaces += 2;
  }

  Printf("%s", Buffer.data());
  // FIXME: Print names for anything we can identify within the line:
  //
  //  * If we can identify the memory itself as belonging to a particular
  //    global, stack variable, or dynamic allocation, then do so.
  //
  //  * If we have a pointer-size, pointer-aligned range highlighted,
  //    determine whether the value of that range is a pointer to an
  //    entity which we can name, and if so, print that name.
  //
  // This needs an external symbolizer, or (preferably) ASan instrumentation.
}
347 
// Renders and prints the diagnostic when the Diag object goes out of scope.
// Errors are additionally rendered once without decoration for the monitor
// report; memory locations get a snippet of the surrounding bytes.
Diag::~Diag() {
  // All diagnostics should be printed under report mutex.
  ScopedReport::CheckLocked();
  Decorator Colors;
  InternalScopedString Line;

  const bool IsError = Level == DL_Error;

  // Prepare a report that a monitor process can inspect. The same buffer is
  // reused afterwards, so it is cleared once the report has been built.
  if (IsError) {
    RenderText(&Line, Message, Args);
    UndefinedBehaviorReport UBR{ConvertTypeToString(ET), Loc, Line};
    Line.clear();
  }

  // "<location>:" in bold.
  Line.append("%s", Colors.Bold());
  RenderLocation(&Line, Loc);
  Line.append(":");

  // Severity label.
  if (IsError) {
    Line.append("%s runtime error: %s%s", Colors.Warning(), Colors.Default(),
                Colors.Bold());
  } else if (Level == DL_Note) {
    Line.append("%s note: %s", Colors.Note(), Colors.Default());
  }

  // Message body, then reset the color and print the finished line.
  RenderText(&Line, Message, Args);
  Line.append("%s\n", Colors.Default());
  Printf("%s", Line.data());

  if (Loc.isMemoryLocation())
    PrintMemorySnippet(Colors, Loc.getMemoryLocation(), Ranges, NumRanges,
                       Args);
}
384 
// Makes sure the runtime is initialized (in standalone mode if necessary)
// as soon as an Initializer object is constructed.
ScopedReport::Initializer::Initializer() {
  InitAsStandaloneIfNecessary();
}
386 
// Records the report options, the location to use for the summary line and
// the error type. Nothing is printed here; ~ScopedReport reads these fields
// when the report scope ends.
ScopedReport::ScopedReport(ReportOptions Opts, Location SummaryLoc,
                           ErrorType Type)
    : Opts(Opts), SummaryLoc(SummaryLoc), Type(Type) {}
390 
// Finishes a report: optional stack trace, optional summary line, optional
// process map dump, and finally termination when halt_on_error is set.
// With halt_on_error off the process keeps running after the report.
ScopedReport::~ScopedReport() {
  MaybePrintStackTrace(Opts.pc, Opts.bp);
  MaybeReportErrorSummary(SummaryLoc, Type);

  const bool WantModuleMap = common_flags()->print_module_map >= 2;
  if (WantModuleMap) {
    DumpProcessMap();
  }

  const bool Fatal = flags()->halt_on_error;
  if (Fatal) {
    Die();
  }
}
401 
// Static storage for the single SuppressionContext; InitializeSuppressions
// constructs the object in place here.
ALIGNED(64) static char suppression_placeholder[sizeof(SuppressionContext)];
// Null until InitializeSuppressions has run.
static SuppressionContext *suppression_ctx = nullptr;
// Suppression type used by IsVptrCheckSuppressed; it is appended to the
// generated list below rather than taken from ubsan_checks.inc.
static const char kVptrCheck[] = "vptr_check";
// Every suppression type the context accepts: the FSanitizeFlagName of each
// UBSAN_CHECK entry, followed by kVptrCheck.
static const char *kSuppressionTypes[] = {
#define UBSAN_CHECK(Name, SummaryKind, FSanitizeFlagName) FSanitizeFlagName,
#include "ubsan_checks.inc"
#undef UBSAN_CHECK
    kVptrCheck,
};
411 
// Creates the suppression context in its static storage and loads the
// suppressions file named by the `suppressions` flag. Must run only once:
// a second call trips the CHECK_EQ.
void __ubsan::InitializeSuppressions() {
  CHECK_EQ(nullptr, suppression_ctx);
  void *Storage = suppression_placeholder;
  suppression_ctx = new (Storage)
      SuppressionContext(kSuppressionTypes, ARRAY_SIZE(kSuppressionTypes));
  const char *SuppressionsPath = flags()->suppressions;
  suppression_ctx->ParseFromFile(SuppressionsPath);
}
418 
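// Returns true when a "vptr_check" suppression matches TypeName.
// The suppression context must already exist; the CHECK enforces that.
bool __ubsan::IsVptrCheckSuppressed(const char *TypeName) {
  InitAsStandaloneIfNecessary();
  CHECK(suppression_ctx);
  // Match() receives the address of this pointer as an out-parameter. Start
  // from nullptr, as IsPCSuppressed does, rather than handing over the
  // address of an indeterminate pointer.
  Suppression *s = nullptr;
  return suppression_ctx->Match(TypeName, kVptrCheck, &s);
}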
425 
// Returns true when a suppression of ET's type matches the report at PC.
// Patterns are tried against, in order: the file name passed in, the module
// containing PC, and the function and source file from debug info. A pattern
// that matches a module therefore silences every report of that type coming
// from the module.
bool __ubsan::IsPCSuppressed(ErrorType ET, uptr PC, const char *Filename) {
  InitAsStandaloneIfNecessary();
  CHECK(suppression_ctx);
  const char *SuppType = ConvertTypeToFlagName(ET);

  // Fast path: don't symbolize PC if there is no suppressions for given UB
  // type.
  if (!suppression_ctx->HasSuppressionType(SuppType))
    return false;

  Suppression *Matched = nullptr;

  // Suppress by file name known to runtime.
  if (Filename != nullptr &&
      suppression_ctx->Match(Filename, SuppType, &Matched))
    return true;

  // Suppress by module name.
  const char *Module = Symbolizer::GetOrInit()->GetModuleNameForPc(PC);
  if (Module && suppression_ctx->Match(Module, SuppType, &Matched))
    return true;

  // Suppress by function or source file name from debug info.
  SymbolizedStackHolder Stack(Symbolizer::GetOrInit()->SymbolizePC(PC));
  const AddressInfo &AI = Stack.get()->info;
  if (suppression_ctx->Match(AI.function, SuppType, &Matched))
    return true;
  return suppression_ctx->Match(AI.file, SuppType, &Matched);
}
449 
450 #endif  // CAN_SANITIZE_UB
451