[clang] Implement -fstrict-bool

``bool`` values are stored as i8 in memory, and it is undefined
behavior for a ``bool`` value to be any value other than 0 or 1. Clang
exploits this with range metadata: ``bool`` load instructions at any
optimization level above -O0 are assumed to only have their lowest bit
set. This can create memory safety problems when other bits are set,
for instance through ``memcpy``.

This change adds a ``-f[no-]strict-bool`` option that controls this
behavior. It is enabled by default in order to not upset the status quo,
except in the Darwin driver when passing -mkernel.

Radar-ID: 139397212

Author: apple-fcloutier

clang/docs/UsersManual.rst

@@ -2179,6 +2179,11 @@ are listed below.
 
    This option is currently experimental.
 
+.. option:: -f[no-]strict-bool
+
+    Enable optimizations based on the assumption that all ``bool`` values have
+    a bit pattern of either 0 or 1. Enabled by default.
+
 .. option:: -fstrict-vtable-pointers
 
    Enable optimizations based on the strict rules for overwriting polymorphic

clang/include/clang/Basic/CodeGenOptions.def

@@ -311,6 +311,7 @@ CODEGENOPT(SimplifyLibCalls  , 1, 1) ///< Set when -fbuiltin is enabled.
 CODEGENOPT(SoftFloat         , 1, 0) ///< -soft-float.
 CODEGENOPT(SpeculativeLoadHardening, 1, 0) ///< Enable speculative load hardening.
 CODEGENOPT(FineGrainedBitfieldAccesses, 1, 0) ///< Enable fine-grained bitfield accesses.
+CODEGENOPT(StrictBool        , 1, 1) ///< Optimize based on bool bit patterns being either 0 or 1.
 CODEGENOPT(StrictEnums       , 1, 0) ///< Optimize based on strict enum definition.
 CODEGENOPT(StrictVTablePointers, 1, 0) ///< Optimize based on the strict vtable pointers
 CODEGENOPT(TimePasses        , 1, 0) ///< Set when -ftime-report or -ftime-report= is enabled.

clang/include/clang/Driver/Options.td

@@ -3970,6 +3970,12 @@ def fno_debug_macro : Flag<["-"], "fno-debug-macro">, Group<f_Group>,
 def fstrict_aliasing : Flag<["-"], "fstrict-aliasing">, Group<f_Group>,
   Visibility<[ClangOption, CLOption, DXCOption]>,
   HelpText<"Enable optimizations based on strict aliasing rules">;
+defm strict_bool : BoolFOption<"strict-bool",
+  CodeGenOpts<"StrictBool">, DefaultTrue,
+  PosFlag<SetTrue, [], [ClangOption, CC1Option], "Enable ">,
+  NegFlag<SetFalse, [], [ClangOption, CC1Option], "Disable ">,
+  BothFlags<[], [ClangOption], "optimizations based on bool bit patterns never "
+    "being anything other than 0 or 1">>;
 def fstrict_enums : Flag<["-"], "fstrict-enums">, Group<f_Group>,
   Visibility<[ClangOption, CC1Option]>,
   HelpText<"Enable optimizations based on the strict definition of an enum's "

clang/lib/CodeGen/CGExpr.cpp

@@ -1896,16 +1896,18 @@ static bool hasBooleanRepresentation(QualType Ty) {
   return false;
 }
 
-static bool getRangeForType(CodeGenFunction &CGF, QualType Ty,
-                            llvm::APInt &Min, llvm::APInt &End,
-                            bool StrictEnums, bool IsBool) {
+static bool getRangeForType(CodeGenFunction &CGF, QualType Ty, llvm::APInt &Min,
+                            llvm::APInt &End, bool StrictEnums, bool StrictBool,
+                            bool IsBool) {
   const EnumType *ET = Ty->getAs<EnumType>();
   bool IsRegularCPlusPlusEnum = CGF.getLangOpts().CPlusPlus && StrictEnums &&
                                 ET && !ET->getDecl()->isFixed();
   if (!IsBool && !IsRegularCPlusPlusEnum)
     return false;
 
   if (IsBool) {
+    if (!StrictBool)
+      return false;
     Min = llvm::APInt(CGF.getContext().getTypeSize(Ty), 0);
     End = llvm::APInt(CGF.getContext().getTypeSize(Ty), 2);
   } else {
@@ -1918,6 +1920,7 @@ static bool getRangeForType(CodeGenFunction &CGF, QualType Ty,
 llvm::MDNode *CodeGenFunction::getRangeForLoadFromType(QualType Ty) {
   llvm::APInt Min, End;
   if (!getRangeForType(*this, Ty, Min, End, CGM.getCodeGenOpts().StrictEnums,
+                       CGM.getCodeGenOpts().StrictBool,
                        hasBooleanRepresentation(Ty)))
     return nullptr;
 
@@ -1951,7 +1954,8 @@ bool CodeGenFunction::EmitScalarRangeCheck(llvm::Value *Value, QualType Ty,
     return false;
 
   llvm::APInt Min, End;
-  if (!getRangeForType(*this, Ty, Min, End, /*StrictEnums=*/true, IsBool))
+  if (!getRangeForType(*this, Ty, Min, End, /*StrictEnums=*/true,
+                       /*StrctBool=*/true, IsBool))
     return true;
 
   auto &Ctx = getLLVMContext();

clang/lib/Driver/ToolChains/Clang.cpp

@@ -5938,6 +5938,8 @@ void Clang::ConstructJob(Compilation &C, const JobAction &JA,
   if (!Args.hasFlag(options::OPT_fstruct_path_tbaa,
                     options::OPT_fno_struct_path_tbaa, true))
     CmdArgs.push_back("-no-struct-path-tbaa");
+  Args.addOptOutFlag(CmdArgs, options::OPT_fstrict_bool,
+                     options::OPT_fno_strict_bool);
   Args.addOptInFlag(CmdArgs, options::OPT_fstrict_enums,
                     options::OPT_fno_strict_enums);
   Args.addOptOutFlag(CmdArgs, options::OPT_fstrict_return,
@@ -6052,6 +6054,10 @@ void Clang::ConstructJob(Compilation &C, const JobAction &JA,
   if (!RawTriple.isOSDarwin() && !RawTriple.isNVPTX())
     CmdArgs.push_back("-mconstructor-aliases");
 
+  // Assume -fno-strict-bool in the Darwin kernel.
+  if (KernelOrKext)
+    CmdArgs.push_back("-fno-strict-bool");
+
   // Darwin's kernel doesn't support guard variables; just die if we
   // try to use them.
   if (KernelOrKext && RawTriple.isOSDarwin())

clang/test/CodeGen/strict-bool.c

@@ -0,0 +1,18 @@
+// RUN: %clang_cc1 -triple armv7-apple-darwin -O1 -fstrict-bool -emit-llvm -o - %s | FileCheck %s -check-prefix=CHECK-STRICT
+// RUN: %clang_cc1 -triple armv7-apple-darwin -O1 -fno-strict-bool -emit-llvm -o - %s | FileCheck %s -check-prefix=CHECK-NO-STRICT
+// RUN: %clang -target armv7-apple-darwin -O1 -mkernel -S -emit-llvm -o - %s | FileCheck %s -check-prefix=CHECK-NO-STRICT
+
+struct has_bool {
+    _Bool b;
+};
+
+int foo(struct has_bool *b) {
+    // CHECK-STRICT: load i8, {{.*}}, !range ![[RANGE_BOOL:[0-9]+]]
+    // CHECK-STRICT-NOT: and i8
+
+    // CHECK-NO-STRICT: [[BOOL:%.+]] = load i8
+    // CHECK-NO-STRICT: and i8 [[BOOL]], 1
+    return b->b;
+}
+
+// CHECK_STRICT: ![[RANGE_BOOL]] = !{i8 0, i8 2}