xref: /freebsd/contrib/llvm-project/compiler-rt/lib/ubsan/ubsan_handlers.cpp (revision 7fdf597e96a02165cfe22ff357b857d5fa15ed8a)
1 //===-- ubsan_handlers.cpp ------------------------------------------------===//
2 //
3 // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4 // See https://llvm.org/LICENSE.txt for license information.
5 // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6 //
7 //===----------------------------------------------------------------------===//
8 //
9 // Error logging entry points for the UBSan runtime.
10 //
11 //===----------------------------------------------------------------------===//
12 
13 #include "ubsan_platform.h"
14 #if CAN_SANITIZE_UB
15 #include "ubsan_handlers.h"
16 #include "ubsan_diag.h"
17 #include "ubsan_flags.h"
18 #include "ubsan_monitor.h"
19 #include "ubsan_value.h"
20 
21 #include "sanitizer_common/sanitizer_common.h"
22 
23 using namespace __sanitizer;
24 using namespace __ubsan;
25 
26 namespace __ubsan {
27 bool ignoreReport(SourceLocation SLoc, ReportOptions Opts, ErrorType ET) {
28   // We are not allowed to skip error report: if we are in unrecoverable
29   // handler, we have to terminate the program right now, and therefore
30   // have to print some diagnostic.
31   //
32   // Even if source location is disabled, it doesn't mean that we have
33   // already report an error to the user: some concurrently running
34   // thread could have acquired it, but not yet printed the report.
35   if (Opts.FromUnrecoverableHandler)
36     return false;
37   return SLoc.isDisabled() || IsPCSuppressed(ET, Opts.pc, SLoc.getFilename());
38 }
39 
40 /// Situations in which we might emit a check for the suitability of a
41 /// pointer or glvalue. Needs to be kept in sync with CodeGenFunction.h in
42 /// clang.
43 enum TypeCheckKind {
44   /// Checking the operand of a load. Must be suitably sized and aligned.
45   TCK_Load,
46   /// Checking the destination of a store. Must be suitably sized and aligned.
47   TCK_Store,
48   /// Checking the bound value in a reference binding. Must be suitably sized
49   /// and aligned, but is not required to refer to an object (until the
50   /// reference is used), per core issue 453.
51   TCK_ReferenceBinding,
52   /// Checking the object expression in a non-static data member access. Must
53   /// be an object within its lifetime.
54   TCK_MemberAccess,
55   /// Checking the 'this' pointer for a call to a non-static member function.
56   /// Must be an object within its lifetime.
57   TCK_MemberCall,
58   /// Checking the 'this' pointer for a constructor call.
59   TCK_ConstructorCall,
60   /// Checking the operand of a static_cast to a derived pointer type. Must be
61   /// null or an object within its lifetime.
62   TCK_DowncastPointer,
63   /// Checking the operand of a static_cast to a derived reference type. Must
64   /// be an object within its lifetime.
65   TCK_DowncastReference,
66   /// Checking the operand of a cast to a base object. Must be suitably sized
67   /// and aligned.
68   TCK_Upcast,
69   /// Checking the operand of a cast to a virtual base object. Must be an
70   /// object within its lifetime.
71   TCK_UpcastToVirtualBase,
72   /// Checking the value assigned to a _Nonnull pointer. Must not be null.
73   TCK_NonnullAssign,
74   /// Checking the operand of a dynamic_cast or a typeid expression.  Must be
75   /// null or an object within its lifetime.
76   TCK_DynamicOperation
77 };
78 
79 extern const char *const TypeCheckKinds[] = {
80     "load of", "store to", "reference binding to", "member access within",
81     "member call on", "constructor call on", "downcast of", "downcast of",
82     "upcast of", "cast to virtual base of", "_Nonnull binding to",
83     "dynamic operation on"};
84 }
85 
86 static void handleTypeMismatchImpl(TypeMismatchData *Data, ValueHandle Pointer,
87                                    ReportOptions Opts) {
88   Location Loc = Data->Loc.acquire();
89 
90   uptr Alignment = (uptr)1 << Data->LogAlignment;
91   ErrorType ET;
92   if (!Pointer)
93     ET = (Data->TypeCheckKind == TCK_NonnullAssign)
94              ? ErrorType::NullPointerUseWithNullability
95              : ErrorType::NullPointerUse;
96   else if (Pointer & (Alignment - 1))
97     ET = ErrorType::MisalignedPointerUse;
98   else
99     ET = ErrorType::InsufficientObjectSize;
100 
101   // Use the SourceLocation from Data to track deduplication, even if it's
102   // invalid.
103   if (ignoreReport(Loc.getSourceLocation(), Opts, ET))
104     return;
105 
106   SymbolizedStackHolder FallbackLoc;
107   if (Data->Loc.isInvalid()) {
108     FallbackLoc.reset(getCallerLocation(Opts.pc));
109     Loc = FallbackLoc;
110   }
111 
112   ScopedReport R(Opts, Loc, ET);
113 
114   switch (ET) {
115   case ErrorType::NullPointerUse:
116   case ErrorType::NullPointerUseWithNullability:
117     Diag(Loc, DL_Error, ET, "%0 null pointer of type %1")
118         << TypeCheckKinds[Data->TypeCheckKind] << Data->Type;
119     break;
120   case ErrorType::MisalignedPointerUse:
121     Diag(Loc, DL_Error, ET, "%0 misaligned address %1 for type %3, "
122                         "which requires %2 byte alignment")
123         << TypeCheckKinds[Data->TypeCheckKind] << (void *)Pointer << Alignment
124         << Data->Type;
125     break;
126   case ErrorType::InsufficientObjectSize:
127     Diag(Loc, DL_Error, ET, "%0 address %1 with insufficient space "
128                         "for an object of type %2")
129         << TypeCheckKinds[Data->TypeCheckKind] << (void *)Pointer << Data->Type;
130     break;
131   default:
132     UNREACHABLE("unexpected error type!");
133   }
134 
135   if (Pointer)
136     Diag(Pointer, DL_Note, ET, "pointer points here");
137 }
138 
139 void __ubsan::__ubsan_handle_type_mismatch_v1(TypeMismatchData *Data,
140                                               ValueHandle Pointer) {
141   GET_REPORT_OPTIONS(false);
142   handleTypeMismatchImpl(Data, Pointer, Opts);
143 }
144 void __ubsan::__ubsan_handle_type_mismatch_v1_abort(TypeMismatchData *Data,
145                                                     ValueHandle Pointer) {
146   GET_REPORT_OPTIONS(true);
147   handleTypeMismatchImpl(Data, Pointer, Opts);
148   Die();
149 }
150 
151 static void handleAlignmentAssumptionImpl(AlignmentAssumptionData *Data,
152                                           ValueHandle Pointer,
153                                           ValueHandle Alignment,
154                                           ValueHandle Offset,
155                                           ReportOptions Opts) {
156   Location Loc = Data->Loc.acquire();
157   SourceLocation AssumptionLoc = Data->AssumptionLoc.acquire();
158 
159   ErrorType ET = ErrorType::AlignmentAssumption;
160 
161   if (ignoreReport(Loc.getSourceLocation(), Opts, ET))
162     return;
163 
164   ScopedReport R(Opts, Loc, ET);
165 
166   uptr RealPointer = Pointer - Offset;
167   uptr LSB = LeastSignificantSetBitIndex(RealPointer);
168   uptr ActualAlignment = uptr(1) << LSB;
169 
170   uptr Mask = Alignment - 1;
171   uptr MisAlignmentOffset = RealPointer & Mask;
172 
173   if (!Offset) {
174     Diag(Loc, DL_Error, ET,
175          "assumption of %0 byte alignment for pointer of type %1 failed")
176         << Alignment << Data->Type;
177   } else {
178     Diag(Loc, DL_Error, ET,
179          "assumption of %0 byte alignment (with offset of %1 byte) for pointer "
180          "of type %2 failed")
181         << Alignment << Offset << Data->Type;
182   }
183 
184   if (!AssumptionLoc.isInvalid())
185     Diag(AssumptionLoc, DL_Note, ET, "alignment assumption was specified here");
186 
187   Diag(RealPointer, DL_Note, ET,
188        "%0address is %1 aligned, misalignment offset is %2 bytes")
189       << (Offset ? "offset " : "") << ActualAlignment << MisAlignmentOffset;
190 }
191 
192 void __ubsan::__ubsan_handle_alignment_assumption(AlignmentAssumptionData *Data,
193                                                   ValueHandle Pointer,
194                                                   ValueHandle Alignment,
195                                                   ValueHandle Offset) {
196   GET_REPORT_OPTIONS(false);
197   handleAlignmentAssumptionImpl(Data, Pointer, Alignment, Offset, Opts);
198 }
199 void __ubsan::__ubsan_handle_alignment_assumption_abort(
200     AlignmentAssumptionData *Data, ValueHandle Pointer, ValueHandle Alignment,
201     ValueHandle Offset) {
202   GET_REPORT_OPTIONS(true);
203   handleAlignmentAssumptionImpl(Data, Pointer, Alignment, Offset, Opts);
204   Die();
205 }
206 
207 /// \brief Common diagnostic emission for various forms of integer overflow.
208 template <typename T>
209 static void handleIntegerOverflowImpl(OverflowData *Data, ValueHandle LHS,
210                                       const char *Operator, T RHS,
211                                       ReportOptions Opts) {
212   SourceLocation Loc = Data->Loc.acquire();
213   bool IsSigned = Data->Type.isSignedIntegerTy();
214   ErrorType ET = IsSigned ? ErrorType::SignedIntegerOverflow
215                           : ErrorType::UnsignedIntegerOverflow;
216 
217   if (ignoreReport(Loc, Opts, ET))
218     return;
219 
220   // If this is an unsigned overflow in non-fatal mode, potentially ignore it.
221   if (!IsSigned && !Opts.FromUnrecoverableHandler &&
222       flags()->silence_unsigned_overflow)
223     return;
224 
225   ScopedReport R(Opts, Loc, ET);
226 
227   Diag(Loc, DL_Error, ET, "%0 integer overflow: "
228                           "%1 %2 %3 cannot be represented in type %4")
229       << (IsSigned ? "signed" : "unsigned") << Value(Data->Type, LHS)
230       << Operator << RHS << Data->Type;
231 }
232 
233 #define UBSAN_OVERFLOW_HANDLER(handler_name, op, unrecoverable)                \
234   void __ubsan::handler_name(OverflowData *Data, ValueHandle LHS,              \
235                              ValueHandle RHS) {                                \
236     GET_REPORT_OPTIONS(unrecoverable);                                         \
237     handleIntegerOverflowImpl(Data, LHS, op, Value(Data->Type, RHS), Opts);    \
238     if (unrecoverable)                                                         \
239       Die();                                                                   \
240   }
241 
242 UBSAN_OVERFLOW_HANDLER(__ubsan_handle_add_overflow, "+", false)
243 UBSAN_OVERFLOW_HANDLER(__ubsan_handle_add_overflow_abort, "+", true)
244 UBSAN_OVERFLOW_HANDLER(__ubsan_handle_sub_overflow, "-", false)
245 UBSAN_OVERFLOW_HANDLER(__ubsan_handle_sub_overflow_abort, "-", true)
246 UBSAN_OVERFLOW_HANDLER(__ubsan_handle_mul_overflow, "*", false)
247 UBSAN_OVERFLOW_HANDLER(__ubsan_handle_mul_overflow_abort, "*", true)
248 
249 static void handleNegateOverflowImpl(OverflowData *Data, ValueHandle OldVal,
250                                      ReportOptions Opts) {
251   SourceLocation Loc = Data->Loc.acquire();
252   bool IsSigned = Data->Type.isSignedIntegerTy();
253   ErrorType ET = IsSigned ? ErrorType::SignedIntegerOverflow
254                           : ErrorType::UnsignedIntegerOverflow;
255 
256   if (ignoreReport(Loc, Opts, ET))
257     return;
258 
259   if (!IsSigned && flags()->silence_unsigned_overflow)
260     return;
261 
262   ScopedReport R(Opts, Loc, ET);
263 
264   if (IsSigned)
265     Diag(Loc, DL_Error, ET,
266          "negation of %0 cannot be represented in type %1; "
267          "cast to an unsigned type to negate this value to itself")
268         << Value(Data->Type, OldVal) << Data->Type;
269   else
270     Diag(Loc, DL_Error, ET, "negation of %0 cannot be represented in type %1")
271         << Value(Data->Type, OldVal) << Data->Type;
272 }
273 
274 void __ubsan::__ubsan_handle_negate_overflow(OverflowData *Data,
275                                              ValueHandle OldVal) {
276   GET_REPORT_OPTIONS(false);
277   handleNegateOverflowImpl(Data, OldVal, Opts);
278 }
279 void __ubsan::__ubsan_handle_negate_overflow_abort(OverflowData *Data,
280                                                     ValueHandle OldVal) {
281   GET_REPORT_OPTIONS(true);
282   handleNegateOverflowImpl(Data, OldVal, Opts);
283   Die();
284 }
285 
286 static void handleDivremOverflowImpl(OverflowData *Data, ValueHandle LHS,
287                                      ValueHandle RHS, ReportOptions Opts) {
288   SourceLocation Loc = Data->Loc.acquire();
289   Value LHSVal(Data->Type, LHS);
290   Value RHSVal(Data->Type, RHS);
291 
292   ErrorType ET;
293   if (RHSVal.isMinusOne())
294     ET = ErrorType::SignedIntegerOverflow;
295   else if (Data->Type.isIntegerTy())
296     ET = ErrorType::IntegerDivideByZero;
297   else
298     ET = ErrorType::FloatDivideByZero;
299 
300   if (ignoreReport(Loc, Opts, ET))
301     return;
302 
303   ScopedReport R(Opts, Loc, ET);
304 
305   switch (ET) {
306   case ErrorType::SignedIntegerOverflow:
307     Diag(Loc, DL_Error, ET,
308          "division of %0 by -1 cannot be represented in type %1")
309         << LHSVal << Data->Type;
310     break;
311   default:
312     Diag(Loc, DL_Error, ET, "division by zero");
313     break;
314   }
315 }
316 
317 void __ubsan::__ubsan_handle_divrem_overflow(OverflowData *Data,
318                                              ValueHandle LHS, ValueHandle RHS) {
319   GET_REPORT_OPTIONS(false);
320   handleDivremOverflowImpl(Data, LHS, RHS, Opts);
321 }
322 void __ubsan::__ubsan_handle_divrem_overflow_abort(OverflowData *Data,
323                                                     ValueHandle LHS,
324                                                     ValueHandle RHS) {
325   GET_REPORT_OPTIONS(true);
326   handleDivremOverflowImpl(Data, LHS, RHS, Opts);
327   Die();
328 }
329 
330 static void handleShiftOutOfBoundsImpl(ShiftOutOfBoundsData *Data,
331                                        ValueHandle LHS, ValueHandle RHS,
332                                        ReportOptions Opts) {
333   SourceLocation Loc = Data->Loc.acquire();
334   Value LHSVal(Data->LHSType, LHS);
335   Value RHSVal(Data->RHSType, RHS);
336 
337   ErrorType ET;
338   if (RHSVal.isNegative() ||
339       RHSVal.getPositiveIntValue() >= Data->LHSType.getIntegerBitWidth())
340     ET = ErrorType::InvalidShiftExponent;
341   else
342     ET = ErrorType::InvalidShiftBase;
343 
344   if (ignoreReport(Loc, Opts, ET))
345     return;
346 
347   ScopedReport R(Opts, Loc, ET);
348 
349   if (ET == ErrorType::InvalidShiftExponent) {
350     if (RHSVal.isNegative())
351       Diag(Loc, DL_Error, ET, "shift exponent %0 is negative") << RHSVal;
352     else
353       Diag(Loc, DL_Error, ET,
354            "shift exponent %0 is too large for %1-bit type %2")
355           << RHSVal << Data->LHSType.getIntegerBitWidth() << Data->LHSType;
356   } else {
357     if (LHSVal.isNegative())
358       Diag(Loc, DL_Error, ET, "left shift of negative value %0") << LHSVal;
359     else
360       Diag(Loc, DL_Error, ET,
361            "left shift of %0 by %1 places cannot be represented in type %2")
362           << LHSVal << RHSVal << Data->LHSType;
363   }
364 }
365 
366 void __ubsan::__ubsan_handle_shift_out_of_bounds(ShiftOutOfBoundsData *Data,
367                                                  ValueHandle LHS,
368                                                  ValueHandle RHS) {
369   GET_REPORT_OPTIONS(false);
370   handleShiftOutOfBoundsImpl(Data, LHS, RHS, Opts);
371 }
372 void __ubsan::__ubsan_handle_shift_out_of_bounds_abort(
373                                                      ShiftOutOfBoundsData *Data,
374                                                      ValueHandle LHS,
375                                                      ValueHandle RHS) {
376   GET_REPORT_OPTIONS(true);
377   handleShiftOutOfBoundsImpl(Data, LHS, RHS, Opts);
378   Die();
379 }
380 
381 static void handleOutOfBoundsImpl(OutOfBoundsData *Data, ValueHandle Index,
382                                   ReportOptions Opts) {
383   SourceLocation Loc = Data->Loc.acquire();
384   ErrorType ET = ErrorType::OutOfBoundsIndex;
385 
386   if (ignoreReport(Loc, Opts, ET))
387     return;
388 
389   ScopedReport R(Opts, Loc, ET);
390 
391   Value IndexVal(Data->IndexType, Index);
392   Diag(Loc, DL_Error, ET, "index %0 out of bounds for type %1")
393     << IndexVal << Data->ArrayType;
394 }
395 
396 void __ubsan::__ubsan_handle_out_of_bounds(OutOfBoundsData *Data,
397                                            ValueHandle Index) {
398   GET_REPORT_OPTIONS(false);
399   handleOutOfBoundsImpl(Data, Index, Opts);
400 }
401 void __ubsan::__ubsan_handle_out_of_bounds_abort(OutOfBoundsData *Data,
402                                                  ValueHandle Index) {
403   GET_REPORT_OPTIONS(true);
404   handleOutOfBoundsImpl(Data, Index, Opts);
405   Die();
406 }
407 
408 static void handleBuiltinUnreachableImpl(UnreachableData *Data,
409                                          ReportOptions Opts) {
410   ErrorType ET = ErrorType::UnreachableCall;
411   ScopedReport R(Opts, Data->Loc, ET);
412   Diag(Data->Loc, DL_Error, ET,
413        "execution reached an unreachable program point");
414 }
415 
416 void __ubsan::__ubsan_handle_builtin_unreachable(UnreachableData *Data) {
417   GET_REPORT_OPTIONS(true);
418   handleBuiltinUnreachableImpl(Data, Opts);
419   Die();
420 }
421 
422 static void handleMissingReturnImpl(UnreachableData *Data, ReportOptions Opts) {
423   ErrorType ET = ErrorType::MissingReturn;
424   ScopedReport R(Opts, Data->Loc, ET);
425   Diag(Data->Loc, DL_Error, ET,
426        "execution reached the end of a value-returning function "
427        "without returning a value");
428 }
429 
430 void __ubsan::__ubsan_handle_missing_return(UnreachableData *Data) {
431   GET_REPORT_OPTIONS(true);
432   handleMissingReturnImpl(Data, Opts);
433   Die();
434 }
435 
436 static void handleVLABoundNotPositive(VLABoundData *Data, ValueHandle Bound,
437                                       ReportOptions Opts) {
438   SourceLocation Loc = Data->Loc.acquire();
439   ErrorType ET = ErrorType::NonPositiveVLAIndex;
440 
441   if (ignoreReport(Loc, Opts, ET))
442     return;
443 
444   ScopedReport R(Opts, Loc, ET);
445 
446   Diag(Loc, DL_Error, ET, "variable length array bound evaluates to "
447                           "non-positive value %0")
448       << Value(Data->Type, Bound);
449 }
450 
451 void __ubsan::__ubsan_handle_vla_bound_not_positive(VLABoundData *Data,
452                                                     ValueHandle Bound) {
453   GET_REPORT_OPTIONS(false);
454   handleVLABoundNotPositive(Data, Bound, Opts);
455 }
456 void __ubsan::__ubsan_handle_vla_bound_not_positive_abort(VLABoundData *Data,
457                                                           ValueHandle Bound) {
458   GET_REPORT_OPTIONS(true);
459   handleVLABoundNotPositive(Data, Bound, Opts);
460   Die();
461 }
462 
463 static bool looksLikeFloatCastOverflowDataV1(void *Data) {
464   // First field is either a pointer to filename or a pointer to a
465   // TypeDescriptor.
466   u8 *FilenameOrTypeDescriptor;
467   internal_memcpy(&FilenameOrTypeDescriptor, Data,
468                   sizeof(FilenameOrTypeDescriptor));
469 
470   // Heuristic: For float_cast_overflow, the TypeKind will be either TK_Integer
471   // (0x0), TK_Float (0x1) or TK_Unknown (0xff). If both types are known,
472   // adding both bytes will be 0 or 1 (for BE or LE). If it were a filename,
473   // adding two printable characters will not yield such a value. Otherwise,
474   // if one of them is 0xff, this is most likely TK_Unknown type descriptor.
475   u16 MaybeFromTypeKind =
476       FilenameOrTypeDescriptor[0] + FilenameOrTypeDescriptor[1];
477   return MaybeFromTypeKind < 2 || FilenameOrTypeDescriptor[0] == 0xff ||
478          FilenameOrTypeDescriptor[1] == 0xff;
479 }
480 
481 static void handleFloatCastOverflow(void *DataPtr, ValueHandle From,
482                                     ReportOptions Opts) {
483   SymbolizedStackHolder CallerLoc;
484   Location Loc;
485   const TypeDescriptor *FromType, *ToType;
486   ErrorType ET = ErrorType::FloatCastOverflow;
487 
488   if (looksLikeFloatCastOverflowDataV1(DataPtr)) {
489     auto Data = reinterpret_cast<FloatCastOverflowData *>(DataPtr);
490     CallerLoc.reset(getCallerLocation(Opts.pc));
491     Loc = CallerLoc;
492     FromType = &Data->FromType;
493     ToType = &Data->ToType;
494   } else {
495     auto Data = reinterpret_cast<FloatCastOverflowDataV2 *>(DataPtr);
496     SourceLocation SLoc = Data->Loc.acquire();
497     if (ignoreReport(SLoc, Opts, ET))
498       return;
499     Loc = SLoc;
500     FromType = &Data->FromType;
501     ToType = &Data->ToType;
502   }
503 
504   ScopedReport R(Opts, Loc, ET);
505 
506   Diag(Loc, DL_Error, ET,
507        "%0 is outside the range of representable values of type %2")
508       << Value(*FromType, From) << *FromType << *ToType;
509 }
510 
511 void __ubsan::__ubsan_handle_float_cast_overflow(void *Data, ValueHandle From) {
512   GET_REPORT_OPTIONS(false);
513   handleFloatCastOverflow(Data, From, Opts);
514 }
515 void __ubsan::__ubsan_handle_float_cast_overflow_abort(void *Data,
516                                                        ValueHandle From) {
517   GET_REPORT_OPTIONS(true);
518   handleFloatCastOverflow(Data, From, Opts);
519   Die();
520 }
521 
522 static void handleLoadInvalidValue(InvalidValueData *Data, ValueHandle Val,
523                                    ReportOptions Opts) {
524   SourceLocation Loc = Data->Loc.acquire();
525   // This check could be more precise if we used different handlers for
526   // -fsanitize=bool and -fsanitize=enum.
527   bool IsBool = (0 == internal_strcmp(Data->Type.getTypeName(), "'bool'")) ||
528                 (0 == internal_strncmp(Data->Type.getTypeName(), "'BOOL'", 6));
529   ErrorType ET =
530       IsBool ? ErrorType::InvalidBoolLoad : ErrorType::InvalidEnumLoad;
531 
532   if (ignoreReport(Loc, Opts, ET))
533     return;
534 
535   ScopedReport R(Opts, Loc, ET);
536 
537   Diag(Loc, DL_Error, ET,
538        "load of value %0, which is not a valid value for type %1")
539       << Value(Data->Type, Val) << Data->Type;
540 }
541 
542 void __ubsan::__ubsan_handle_load_invalid_value(InvalidValueData *Data,
543                                                 ValueHandle Val) {
544   GET_REPORT_OPTIONS(false);
545   handleLoadInvalidValue(Data, Val, Opts);
546 }
547 void __ubsan::__ubsan_handle_load_invalid_value_abort(InvalidValueData *Data,
548                                                       ValueHandle Val) {
549   GET_REPORT_OPTIONS(true);
550   handleLoadInvalidValue(Data, Val, Opts);
551   Die();
552 }
553 
554 static void handleImplicitConversion(ImplicitConversionData *Data,
555                                      ReportOptions Opts, ValueHandle Src,
556                                      ValueHandle Dst) {
557   SourceLocation Loc = Data->Loc.acquire();
558   const TypeDescriptor &SrcTy = Data->FromType;
559   const TypeDescriptor &DstTy = Data->ToType;
560   bool SrcSigned = SrcTy.isSignedIntegerTy();
561   bool DstSigned = DstTy.isSignedIntegerTy();
562   ErrorType ET = ErrorType::GenericUB;
563 
564   switch (Data->Kind) {
565   case ICCK_IntegerTruncation: { // Legacy, no longer used.
566     // Let's figure out what it should be as per the new types, and upgrade.
567     // If both types are unsigned, then it's an unsigned truncation.
568     // Else, it is a signed truncation.
569     if (!SrcSigned && !DstSigned) {
570       ET = ErrorType::ImplicitUnsignedIntegerTruncation;
571     } else {
572       ET = ErrorType::ImplicitSignedIntegerTruncation;
573     }
574     break;
575   }
576   case ICCK_UnsignedIntegerTruncation:
577     ET = ErrorType::ImplicitUnsignedIntegerTruncation;
578     break;
579   case ICCK_SignedIntegerTruncation:
580     ET = ErrorType::ImplicitSignedIntegerTruncation;
581     break;
582   case ICCK_IntegerSignChange:
583     ET = ErrorType::ImplicitIntegerSignChange;
584     break;
585   case ICCK_SignedIntegerTruncationOrSignChange:
586     ET = ErrorType::ImplicitSignedIntegerTruncationOrSignChange;
587     break;
588   }
589 
590   if (ignoreReport(Loc, Opts, ET))
591     return;
592 
593   ScopedReport R(Opts, Loc, ET);
594 
595   // In the case we have a bitfield, we want to explicitly say so in the
596   // error message.
597   // FIXME: is it possible to dump the values as hex with fixed width?
598   if (Data->BitfieldBits)
599     Diag(Loc, DL_Error, ET,
600          "implicit conversion from type %0 of value %1 (%2-bit, %3signed) to "
601          "type %4 changed the value to %5 (%6-bit bitfield, %7signed)")
602         << SrcTy << Value(SrcTy, Src) << SrcTy.getIntegerBitWidth()
603         << (SrcSigned ? "" : "un") << DstTy << Value(DstTy, Dst)
604         << Data->BitfieldBits << (DstSigned ? "" : "un");
605   else
606     Diag(Loc, DL_Error, ET,
607          "implicit conversion from type %0 of value %1 (%2-bit, %3signed) to "
608          "type %4 changed the value to %5 (%6-bit, %7signed)")
609         << SrcTy << Value(SrcTy, Src) << SrcTy.getIntegerBitWidth()
610         << (SrcSigned ? "" : "un") << DstTy << Value(DstTy, Dst)
611         << DstTy.getIntegerBitWidth() << (DstSigned ? "" : "un");
612 }
613 
614 void __ubsan::__ubsan_handle_implicit_conversion(ImplicitConversionData *Data,
615                                                  ValueHandle Src,
616                                                  ValueHandle Dst) {
617   GET_REPORT_OPTIONS(false);
618   handleImplicitConversion(Data, Opts, Src, Dst);
619 }
620 void __ubsan::__ubsan_handle_implicit_conversion_abort(
621     ImplicitConversionData *Data, ValueHandle Src, ValueHandle Dst) {
622   GET_REPORT_OPTIONS(true);
623   handleImplicitConversion(Data, Opts, Src, Dst);
624   Die();
625 }
626 
627 static void handleInvalidBuiltin(InvalidBuiltinData *Data, ReportOptions Opts) {
628   SourceLocation Loc = Data->Loc.acquire();
629   ErrorType ET = ErrorType::InvalidBuiltin;
630 
631   if (ignoreReport(Loc, Opts, ET))
632     return;
633 
634   ScopedReport R(Opts, Loc, ET);
635 
636   Diag(Loc, DL_Error, ET,
637        "passing zero to %0, which is not a valid argument")
638     << ((Data->Kind == BCK_CTZPassedZero) ? "ctz()" : "clz()");
639 }
640 
641 void __ubsan::__ubsan_handle_invalid_builtin(InvalidBuiltinData *Data) {
642   GET_REPORT_OPTIONS(true);
643   handleInvalidBuiltin(Data, Opts);
644 }
645 void __ubsan::__ubsan_handle_invalid_builtin_abort(InvalidBuiltinData *Data) {
646   GET_REPORT_OPTIONS(true);
647   handleInvalidBuiltin(Data, Opts);
648   Die();
649 }
650 
651 static void handleInvalidObjCCast(InvalidObjCCast *Data, ValueHandle Pointer,
652                                   ReportOptions Opts) {
653   SourceLocation Loc = Data->Loc.acquire();
654   ErrorType ET = ErrorType::InvalidObjCCast;
655 
656   if (ignoreReport(Loc, Opts, ET))
657     return;
658 
659   ScopedReport R(Opts, Loc, ET);
660 
661   const char *GivenClass = getObjCClassName(Pointer);
662   const char *GivenClassStr = GivenClass ? GivenClass : "<unknown type>";
663 
664   Diag(Loc, DL_Error, ET,
665        "invalid ObjC cast, object is a '%0', but expected a %1")
666       << GivenClassStr << Data->ExpectedType;
667 }
668 
669 void __ubsan::__ubsan_handle_invalid_objc_cast(InvalidObjCCast *Data,
670                                                ValueHandle Pointer) {
671   GET_REPORT_OPTIONS(false);
672   handleInvalidObjCCast(Data, Pointer, Opts);
673 }
674 void __ubsan::__ubsan_handle_invalid_objc_cast_abort(InvalidObjCCast *Data,
675                                                      ValueHandle Pointer) {
676   GET_REPORT_OPTIONS(true);
677   handleInvalidObjCCast(Data, Pointer, Opts);
678   Die();
679 }
680 
681 static void handleNonNullReturn(NonNullReturnData *Data, SourceLocation *LocPtr,
682                                 ReportOptions Opts, bool IsAttr) {
683   if (!LocPtr)
684     UNREACHABLE("source location pointer is null!");
685 
686   SourceLocation Loc = LocPtr->acquire();
687   ErrorType ET = IsAttr ? ErrorType::InvalidNullReturn
688                         : ErrorType::InvalidNullReturnWithNullability;
689 
690   if (ignoreReport(Loc, Opts, ET))
691     return;
692 
693   ScopedReport R(Opts, Loc, ET);
694 
695   Diag(Loc, DL_Error, ET,
696        "null pointer returned from function declared to never return null");
697   if (!Data->AttrLoc.isInvalid())
698     Diag(Data->AttrLoc, DL_Note, ET, "%0 specified here")
699         << (IsAttr ? "returns_nonnull attribute"
700                    : "_Nonnull return type annotation");
701 }
702 
703 void __ubsan::__ubsan_handle_nonnull_return_v1(NonNullReturnData *Data,
704                                                SourceLocation *LocPtr) {
705   GET_REPORT_OPTIONS(false);
706   handleNonNullReturn(Data, LocPtr, Opts, true);
707 }
708 
709 void __ubsan::__ubsan_handle_nonnull_return_v1_abort(NonNullReturnData *Data,
710                                                      SourceLocation *LocPtr) {
711   GET_REPORT_OPTIONS(true);
712   handleNonNullReturn(Data, LocPtr, Opts, true);
713   Die();
714 }
715 
716 void __ubsan::__ubsan_handle_nullability_return_v1(NonNullReturnData *Data,
717                                                    SourceLocation *LocPtr) {
718   GET_REPORT_OPTIONS(false);
719   handleNonNullReturn(Data, LocPtr, Opts, false);
720 }
721 
722 void __ubsan::__ubsan_handle_nullability_return_v1_abort(
723     NonNullReturnData *Data, SourceLocation *LocPtr) {
724   GET_REPORT_OPTIONS(true);
725   handleNonNullReturn(Data, LocPtr, Opts, false);
726   Die();
727 }
728 
729 static void handleNonNullArg(NonNullArgData *Data, ReportOptions Opts,
730                              bool IsAttr) {
731   SourceLocation Loc = Data->Loc.acquire();
732   ErrorType ET = IsAttr ? ErrorType::InvalidNullArgument
733                         : ErrorType::InvalidNullArgumentWithNullability;
734 
735   if (ignoreReport(Loc, Opts, ET))
736     return;
737 
738   ScopedReport R(Opts, Loc, ET);
739 
740   Diag(Loc, DL_Error, ET,
741        "null pointer passed as argument %0, which is declared to "
742        "never be null")
743       << Data->ArgIndex;
744   if (!Data->AttrLoc.isInvalid())
745     Diag(Data->AttrLoc, DL_Note, ET, "%0 specified here")
746         << (IsAttr ? "nonnull attribute" : "_Nonnull type annotation");
747 }
748 
749 void __ubsan::__ubsan_handle_nonnull_arg(NonNullArgData *Data) {
750   GET_REPORT_OPTIONS(false);
751   handleNonNullArg(Data, Opts, true);
752 }
753 
754 void __ubsan::__ubsan_handle_nonnull_arg_abort(NonNullArgData *Data) {
755   GET_REPORT_OPTIONS(true);
756   handleNonNullArg(Data, Opts, true);
757   Die();
758 }
759 
760 void __ubsan::__ubsan_handle_nullability_arg(NonNullArgData *Data) {
761   GET_REPORT_OPTIONS(false);
762   handleNonNullArg(Data, Opts, false);
763 }
764 
765 void __ubsan::__ubsan_handle_nullability_arg_abort(NonNullArgData *Data) {
766   GET_REPORT_OPTIONS(true);
767   handleNonNullArg(Data, Opts, false);
768   Die();
769 }
770 
771 static void handlePointerOverflowImpl(PointerOverflowData *Data,
772                                       ValueHandle Base,
773                                       ValueHandle Result,
774                                       ReportOptions Opts) {
775   SourceLocation Loc = Data->Loc.acquire();
776   ErrorType ET;
777 
778   if (Base == 0 && Result == 0)
779     ET = ErrorType::NullptrWithOffset;
780   else if (Base == 0 && Result != 0)
781     ET = ErrorType::NullptrWithNonZeroOffset;
782   else if (Base != 0 && Result == 0)
783     ET = ErrorType::NullptrAfterNonZeroOffset;
784   else
785     ET = ErrorType::PointerOverflow;
786 
787   if (ignoreReport(Loc, Opts, ET))
788     return;
789 
790   ScopedReport R(Opts, Loc, ET);
791 
792   if (ET == ErrorType::NullptrWithOffset) {
793     Diag(Loc, DL_Error, ET, "applying zero offset to null pointer");
794   } else if (ET == ErrorType::NullptrWithNonZeroOffset) {
795     Diag(Loc, DL_Error, ET, "applying non-zero offset %0 to null pointer")
796         << Result;
797   } else if (ET == ErrorType::NullptrAfterNonZeroOffset) {
798     Diag(
799         Loc, DL_Error, ET,
800         "applying non-zero offset to non-null pointer %0 produced null pointer")
801         << (void *)Base;
802   } else if ((sptr(Base) >= 0) == (sptr(Result) >= 0)) {
803     if (Base > Result)
804       Diag(Loc, DL_Error, ET,
805            "addition of unsigned offset to %0 overflowed to %1")
806           << (void *)Base << (void *)Result;
807     else
808       Diag(Loc, DL_Error, ET,
809            "subtraction of unsigned offset from %0 overflowed to %1")
810           << (void *)Base << (void *)Result;
811   } else {
812     Diag(Loc, DL_Error, ET,
813          "pointer index expression with base %0 overflowed to %1")
814         << (void *)Base << (void *)Result;
815   }
816 }
817 
818 void __ubsan::__ubsan_handle_pointer_overflow(PointerOverflowData *Data,
819                                               ValueHandle Base,
820                                               ValueHandle Result) {
821   GET_REPORT_OPTIONS(false);
822   handlePointerOverflowImpl(Data, Base, Result, Opts);
823 }
824 
825 void __ubsan::__ubsan_handle_pointer_overflow_abort(PointerOverflowData *Data,
826                                                     ValueHandle Base,
827                                                     ValueHandle Result) {
828   GET_REPORT_OPTIONS(true);
829   handlePointerOverflowImpl(Data, Base, Result, Opts);
830   Die();
831 }
832 
833 static void handleCFIBadIcall(CFICheckFailData *Data, ValueHandle Function,
834                               ReportOptions Opts) {
835   if (Data->CheckKind != CFITCK_ICall && Data->CheckKind != CFITCK_NVMFCall)
836     Die();
837 
838   SourceLocation Loc = Data->Loc.acquire();
839   ErrorType ET = ErrorType::CFIBadType;
840 
841   if (ignoreReport(Loc, Opts, ET))
842     return;
843 
844   ScopedReport R(Opts, Loc, ET);
845 
846   const char *CheckKindStr = Data->CheckKind == CFITCK_NVMFCall
847                                  ? "non-virtual pointer to member function call"
848                                  : "indirect function call";
849   Diag(Loc, DL_Error, ET,
850        "control flow integrity check for type %0 failed during %1")
851       << Data->Type << CheckKindStr;
852 
853   SymbolizedStackHolder FLoc(getSymbolizedLocation(Function));
854   const char *FName = FLoc.get()->info.function;
855   if (!FName)
856     FName = "(unknown)";
857   Diag(FLoc, DL_Note, ET, "%0 defined here") << FName;
858 
859   // If the failure involved different DSOs for the check location and icall
860   // target, report the DSO names.
861   const char *DstModule = FLoc.get()->info.module;
862   if (!DstModule)
863     DstModule = "(unknown)";
864 
865   const char *SrcModule = Symbolizer::GetOrInit()->GetModuleNameForPc(Opts.pc);
866   if (!SrcModule)
867     SrcModule = "(unknown)";
868 
869   if (internal_strcmp(SrcModule, DstModule))
870     Diag(Loc, DL_Note, ET,
871          "check failed in %0, destination function located in %1")
872         << SrcModule << DstModule;
873 }
874 
875 namespace __ubsan {
876 
877 #ifdef UBSAN_CAN_USE_CXXABI
878 
879 #ifdef _WIN32
880 
881 extern "C" void __ubsan_handle_cfi_bad_type_default(CFICheckFailData *Data,
882                                                     ValueHandle Vtable,
883                                                     bool ValidVtable,
884                                                     ReportOptions Opts) {
885   Die();
886 }
887 
888 WIN_WEAK_ALIAS(__ubsan_handle_cfi_bad_type, __ubsan_handle_cfi_bad_type_default)
889 #else
890 SANITIZER_WEAK_ATTRIBUTE
891 #endif
892 void __ubsan_handle_cfi_bad_type(CFICheckFailData *Data, ValueHandle Vtable,
893                                  bool ValidVtable, ReportOptions Opts);
894 
895 #else
896 void __ubsan_handle_cfi_bad_type(CFICheckFailData *Data, ValueHandle Vtable,
897                                  bool ValidVtable, ReportOptions Opts) {
898   Die();
899 }
900 #endif
901 
902 }  // namespace __ubsan
903 
904 void __ubsan::__ubsan_handle_cfi_check_fail(CFICheckFailData *Data,
905                                             ValueHandle Value,
906                                             uptr ValidVtable) {
907   GET_REPORT_OPTIONS(false);
908   if (Data->CheckKind == CFITCK_ICall || Data->CheckKind == CFITCK_NVMFCall)
909     handleCFIBadIcall(Data, Value, Opts);
910   else
911     __ubsan_handle_cfi_bad_type(Data, Value, ValidVtable, Opts);
912 }
913 
914 void __ubsan::__ubsan_handle_cfi_check_fail_abort(CFICheckFailData *Data,
915                                                   ValueHandle Value,
916                                                   uptr ValidVtable) {
917   GET_REPORT_OPTIONS(true);
918   if (Data->CheckKind == CFITCK_ICall || Data->CheckKind == CFITCK_NVMFCall)
919     handleCFIBadIcall(Data, Value, Opts);
920   else
921     __ubsan_handle_cfi_bad_type(Data, Value, ValidVtable, Opts);
922   Die();
923 }
924 
925 static bool handleFunctionTypeMismatch(FunctionTypeMismatchData *Data,
926                                        ValueHandle Function,
927                                        ReportOptions Opts) {
928   SourceLocation CallLoc = Data->Loc.acquire();
929   ErrorType ET = ErrorType::FunctionTypeMismatch;
930   if (ignoreReport(CallLoc, Opts, ET))
931     return true;
932 
933   ScopedReport R(Opts, CallLoc, ET);
934 
935   SymbolizedStackHolder FLoc(getSymbolizedLocation(Function));
936   const char *FName = FLoc.get()->info.function;
937   if (!FName)
938     FName = "(unknown)";
939 
940   Diag(CallLoc, DL_Error, ET,
941        "call to function %0 through pointer to incorrect function type %1")
942       << FName << Data->Type;
943   Diag(FLoc, DL_Note, ET, "%0 defined here") << FName;
944   return true;
945 }
946 
947 void __ubsan::__ubsan_handle_function_type_mismatch(
948     FunctionTypeMismatchData *Data, ValueHandle Function) {
949   GET_REPORT_OPTIONS(false);
950   handleFunctionTypeMismatch(Data, Function, Opts);
951 }
952 
953 void __ubsan::__ubsan_handle_function_type_mismatch_abort(
954     FunctionTypeMismatchData *Data, ValueHandle Function) {
955   GET_REPORT_OPTIONS(true);
956   if (handleFunctionTypeMismatch(Data, Function, Opts))
957     Die();
958 }
959 
960 #endif  // CAN_SANITIZE_UB
961