This is an archive of the discontinued LLVM Phabricator instance.

Differential D15367

Cross-DSO control flow integrity (Clang part)
ClosedPublic

Authored by eugenis on Dec 8 2015, 6:26 PM.

Details

Reviewers
kcc
pcc
Summary

Clang-side cross-DSO CFI.

  • Enabled with -fsanitize-cfi-cross-dso
  • uses a runtime library, unlike "plain" CFI
  • does not yet support diagnostics
  • Emits __cfi_slowpath calls if bitset test fails. This routes the check to the target module, which may know more about the runtime type of the object or function.
  • Set a module flag to enable __cfi_check generation during LTO.

Diff Detail

Repository
rL LLVM

Event Timeline

eugenis updated this revision to Diff 42261.Dec 8 2015, 6:26 PM
eugenis retitled this revision from to Cross-DSO control flow integrity (Clang part).
eugenis updated this object.
eugenis added reviewers: kcc, pcc.
eugenis set the repository for this revision to rL LLVM.
eugenis added a subscriber: cfe-commits.
pcc added inline comments.Dec 9 2015, 2:46 PM
lib/CodeGen/CGExpr.cpp
2557

What happens if MD is not an MDString?

lib/CodeGen/CodeGenModule.cpp
1038

I would move the logic back here and make the check for definedness etc explicit. We shouldn't emit a bitset entry if the function has available_externally linkage for example.

eugenis mentioned this in D15365: Cross-DSO control flow integrity (LLVM part).Dec 11 2015, 2:25 PM
eugenis updated this revision to Diff 42607.Dec 11 2015, 4:41 PM
eugenis marked an inline comment as done.
eugenis added inline comments.
lib/CodeGen/CGExpr.cpp
2557

assert + check on the caller side

pcc added inline comments.Dec 11 2015, 5:52 PM
lib/CodeGen/CGClass.cpp
2585

This could be an early return.

lib/CodeGen/CGExpr.cpp
2560

Use cast instead of dyn_cast/assert (but see my other comment).

3864

Early return.

lib/CodeGen/CodeGenModule.cpp
1037

This is a little hard to read and probably needs to go back into a function with early returns. Sorry, my bad. I also think the logic for available_externally is wrong (please add a test case).

1041

This isn't handling function types with internal linkage.

We can probably do this more consistently (e.g. by introducing a function that takes a Metadata from CreateMetadataIdentifierForType and returns a ConstantInt or nullptr if none suitable, and using it here, in callers of EmitCfiSlowPathCheck and in CreateVTableBitSetEntry).

eugenis updated this revision to Diff 42782.Dec 14 2015, 2:44 PM
eugenis marked 3 inline comments as done.
eugenis added inline comments.
lib/CodeGen/CGExpr.cpp
3864

It's too early to return.

lib/CodeGen/CodeGenModule.cpp
1037

Moved out to a function. Added a testcase. Looks like available_externally is handled correctly.

pcc edited edge metadata.Dec 14 2015, 3:00 PM

Please add documentation. At the very least please document flags in docs/ControlFlowIntegrity.rst and docs/UsersManual.rst. We should also document the design in docs/ControlFlowIntegrityDesign.rst.

lib/CodeGen/CGExpr.cpp
3864

Yes, sorry.

lib/CodeGen/CodeGenModule.cpp
1037

Yes, that's because you fixed it :)

1041

What about callers of EmitCfiSlowPathCheck?

eugenis updated this revision to Diff 42806.Dec 14 2015, 5:15 PM
eugenis edited edge metadata.
eugenis marked 2 inline comments as done.

added some docs

lib/CodeGen/CodeGenModule.cpp
1041

updated

1041

fixed

eugenis updated this revision to Diff 42902.Dec 15 2015, 1:37 PM

added the new flag to UserManual

pcc accepted this revision.Dec 15 2015, 2:23 PM
pcc edited edge metadata.

LGTM modulo some wordsmithing in the documentation.

docs/ControlFlowIntegrity.rst
31

"Experimental support for". Please also mention that the ABI is unstable.

32

"exists"

docs/ControlFlowIntegrityDesign.rst
375

"The basic CFI mode"

377

"hierarchy"; "at link time"

389

"comparable"

390

"from an instrumented DSO"

392

same

426

"It is possible, but unlikely, that collisions"

446

"is a"

450

I wouldn't claim this is "for performance reasons" unless we have data to back it up. I would remove this paragraph and mention the alignment in the next section.

include/clang/Driver/Options.td
628

"Disable"

This revision is now accepted and ready to land.Dec 15 2015, 2:23 PM
eugenis updated this revision to Diff 42914.Dec 15 2015, 2:40 PM
eugenis edited edge metadata.
eugenis marked 10 inline comments as done.
eugenis added inline comments.
docs/ControlFlowIntegrityDesign.rst
389

That changes the meaning of the sentence. I've changed the wording in a different way.

pcc added a comment.Dec 15 2015, 2:46 PM

LGTM

docs/ControlFlowIntegrityDesign.rst
389

"with a performance penalty"

eugenis updated this revision to Diff 42918.Dec 15 2015, 2:48 PM
eugenis marked an inline comment as done.
eugenis closed this revision.Dec 15 2015, 3:04 PM

r255694

Revision Contents

PathSize
docs/
22 lines
131 lines
6 lines
include/
clang/
Driver/
6 lines
2 lines
Frontend/
1 line
lib/
CodeGen/
19 lines
50 lines
5 lines
5 lines
14 lines
102 lines
13 lines
Driver/
19 lines
2 lines
Frontend/
1 line
test/
CodeGen/
49 lines
CodeGenCXX/
45 lines
Driver/
9 lines
40 lines

Diff 42918

docs/ControlFlowIntegrity.rst

Show All 18 Lines
program's control flow. These schemes have been optimized for performance, program's control flow. These schemes have been optimized for performance,
allowing developers to enable them in release builds. allowing developers to enable them in release builds.
To enable Clang's available CFI schemes, use the flag ``-fsanitize=cfi``. To enable Clang's available CFI schemes, use the flag ``-fsanitize=cfi``.
You can also enable a subset of available :ref:`schemes <cfi-schemes>`. You can also enable a subset of available :ref:`schemes <cfi-schemes>`.
As currently implemented, all schemes rely on link-time optimization (LTO); As currently implemented, all schemes rely on link-time optimization (LTO);
so it is required to specify ``-flto``, and the linker used must support LTO, so it is required to specify ``-flto``, and the linker used must support LTO,
for example via the `gold plugin`_. for example via the `gold plugin`_.
To allow the checks to be implemented efficiently, the program must
be structured such that certain object files are compiled with CFI enabled, To allow the checks to be implemented efficiently, the program must be
and are statically linked into the program. This may preclude the use of structured such that certain object files are compiled with CFI
shared libraries in some cases. enabled, and are statically linked into the program. This may preclude
the use of shared libraries in some cases. Experimental support for
pccUnsubmitted
Done
ReplyInline Actions

"Experimental support for". Please also mention that the ABI is unstable.

pcc: "Experimental support for". Please also mention that the ABI is unstable.
:ref:`cross-DSO control flow integrity <cfi-cross-dso>` exists that
pccUnsubmitted
Done
ReplyInline Actions

"exists"

pcc: "exists"
does not have these requirements. This cross-DSO support has unstable
ABI at this time.
.. _gold plugin: http://llvm.org/docs/GoldPlugin.html .. _gold plugin: http://llvm.org/docs/GoldPlugin.html
.. _cfi-schemes: .. _cfi-schemes:
Available schemes Available schemes
================= =================
▲ Show 20 LinesShow All 201 Lines▼ Show 20 Lines.. code-block:: bash
src:bad_header.h src:bad_header.h
# Ignore all functions with names containing MyFooBar. # Ignore all functions with names containing MyFooBar.
fun:*MyFooBar* fun:*MyFooBar*
# Ignore all types in the standard library. # Ignore all types in the standard library.
type:std::* type:std::*
# Ignore all types with a uuid attribute. # Ignore all types with a uuid attribute.
type:attr:uuid type:attr:uuid
.. _cfi-cross-dso:
Shared library support
======================
Use **-f[no-]sanitize-cfi-cross-dso** to enable the cross-DSO control
flow integrity mode, which allows all CFI schemes listed above to
apply across DSO boundaries. As in the regular CFI, each DSO must be
built with ``-flto``.
Design Design
====== ======
Please refer to the :doc:`design document<ControlFlowIntegrityDesign>`. Please refer to the :doc:`design document<ControlFlowIntegrityDesign>`.
Publications Publications
============ ============
`Control-Flow Integrity: Principles, Implementations, and Applications <http://research.microsoft.com/pubs/64250/ccs05.pdf>`_. `Control-Flow Integrity: Principles, Implementations, and Applications <http://research.microsoft.com/pubs/64250/ccs05.pdf>`_.
Martin Abadi, Mihai Budiu, Úlfar Erlingsson, Jay Ligatti. Martin Abadi, Mihai Budiu, Úlfar Erlingsson, Jay Ligatti.
`Enforcing Forward-Edge Control-Flow Integrity in GCC & LLVM <http://www.pcc.me.uk/~peter/acad/usenix14.pdf>`_. `Enforcing Forward-Edge Control-Flow Integrity in GCC & LLVM <http://www.pcc.me.uk/~peter/acad/usenix14.pdf>`_.
Caroline Tice, Tom Roeder, Peter Collingbourne, Stephen Checkoway, Caroline Tice, Tom Roeder, Peter Collingbourne, Stephen Checkoway,
Úlfar Erlingsson, Luis Lozano, Geoff Pike. Úlfar Erlingsson, Luis Lozano, Geoff Pike.

docs/ControlFlowIntegrityDesign.rst

Show First 20 LinesShow All 360 Lines▼ Show 20 Lines.. code-block:: none
mov h, %ecx mov h, %ecx
ret ret
Because the addresses of ``f``, ``g``, ``h`` are evenly spaced at a power of Because the addresses of ``f``, ``g``, ``h`` are evenly spaced at a power of
2, and function types do not overlap (unlike class types with base classes), 2, and function types do not overlap (unlike class types with base classes),
we can normally apply the `Alignment`_ and `Eliminating Bit Vector Checks we can normally apply the `Alignment`_ and `Eliminating Bit Vector Checks
for All-Ones Bit Vectors`_ optimizations thus simplifying the check at each for All-Ones Bit Vectors`_ optimizations thus simplifying the check at each
call site to a range and alignment check. call site to a range and alignment check.
Shared library support
======================
**EXPERIMENTAL**
The basic CFI mode described above assumes that the application is a
pccUnsubmitted
Done
ReplyInline Actions

"The basic CFI mode"

pcc: "The basic CFI mode"
monolithic binary; at least that all possible virtual/indirect call
targets and the entire class hierarchy are known at link time. The
pccUnsubmitted
Done
ReplyInline Actions

"hierarchy"; "at link time"

pcc: "hierarchy"; "at link time"
cross-DSO mode, enabled with **-f[no-]sanitize-cfi-cross-dso** relaxes
this requirement by allowing virtual and indirect calls to cross the
DSO boundary.
Assuming the following setup: the binary consists of several
instrumented and several uninstrumented DSOs. Some of them may be
dlopen-ed/dlclose-d periodically, even frequently.
- Calls made from uninstrumented DSOs are not checked and just work.
- Calls inside any instrumented DSO are fully protected.
- Calls between different instrumented DSOs are also protected, with
a performance penalty (in addition to the monolithic CFI
pccUnsubmitted
Not Done
ReplyInline Actions

"comparable"

pcc: "comparable"
eugenisAuthorUnsubmitted
Not Done
ReplyInline Actions

That changes the meaning of the sentence. I've changed the wording in a different way.

eugenis: That changes the meaning of the sentence. I've changed the wording in a different way.
pccUnsubmitted
Done
ReplyInline Actions

"with a performance penalty"

pcc: "with a performance penalty"
overhead).
pccUnsubmitted
Done
ReplyInline Actions

"from an instrumented DSO"

pcc: "from an instrumented DSO"
- Calls from an instrumented DSO to an uninstrumented one are
unchecked and just work, with performance penalty.
pccUnsubmitted
Done
ReplyInline Actions

same

pcc: same
- Calls from an instrumented DSO outside of any known DSO are
detected as CFI violations.
In the monolithic scheme a call site is instrumented as
.. code-block:: none
if (!InlinedFastCheck(f))
abort();
call *f
In the cross-DSO scheme it becomes
.. code-block:: none
if (!InlinedFastCheck(f))
__cfi_slowpath(CallSiteTypeId, f);
call *f
CallSiteTypeId
--------------
``CallSiteTypeId`` is a stable process-wide identifier of the
call-site type. For a virtual call site, the type in question is the class
type; for an indirect function call it is the function signature. The
mapping from a type to an identifier is an ABI detail. In the current,
experimental, implementation the identifier of type T is calculated as
follows:
- Obtain the mangled name for "typeinfo name for T".
- Calculate MD5 hash of the name as a string.
- Reinterpret the first 8 bytes of the hash as a little-endian
64-bit integer.
pccUnsubmitted
Done
ReplyInline Actions

"It is possible, but unlikely, that collisions"

pcc: "It is possible, but unlikely, that collisions"
It is possible, but unlikely, that collisions in the
``CallSiteTypeId`` hashing will result in weaker CFI checks that would
still be conservatively correct.
CFI_Check
---------
In the general case, only the target DSO knows whether the call to
function ``f`` with type ``CallSiteTypeId`` is valid or not. To
export this information, every DSO implements
.. code-block:: none
void __cfi_check(uint64 CallSiteTypeId, void *TargetAddr)
This function provides external modules with access to CFI checks for
the targets inside this DSO. For each known ``CallSiteTypeId``, this
functions performs an ``llvm.bitset.test`` with the corresponding bit
set. It aborts if the type is unknown, or if the check fails.
pccUnsubmitted
Done
ReplyInline Actions

"is a"

pcc: "is a"
The basic implementation is a large switch statement over all values
of CallSiteTypeId supported by this DSO, and each case is similar to
the InlinedFastCheck() in the basic CFI mode.
pccUnsubmitted
Done
ReplyInline Actions

I wouldn't claim this is "for performance reasons" unless we have data to back it up. I would remove this paragraph and mention the alignment in the next section.

pcc: I wouldn't claim this is "for performance reasons" unless we have data to back it up. I would…
CFI Shadow
----------
To route CFI checks to the target DSO's __cfi_check function, a
mapping from possible virtual / indirect call targets to
the corresponding __cfi_check functions is maintained. This mapping is
implemented as a sparse array of 2 bytes for every possible page (4096
bytes) of memory. The table is kept readonly (FIXME: not yet) most of
the time.
There are 3 types of shadow values:
- Address in a CFI-instrumented DSO.
- Unchecked address (a “trusted” non-instrumented DSO). Encoded as
value 0xFFFF.
- Invalid address (everything else). Encoded as value 0.
For a CFI-instrumented DSO, a shadow value encodes the address of the
__cfi_check function for all call targets in the corresponding memory
page. If Addr is the target address, and V is the shadow value, then
the address of __cfi_check is calculated as
.. code-block:: none
__cfi_check = AlignUpTo(Addr, 4096) - (V + 1) * 4096
This works as long as __cfi_check is aligned by 4096 bytes and located
below any call targets in its DSO, but not more than 256MB apart from
them.
CFI_SlowPath
------------
The slow path check is implemented in compiler-rt library as
.. code-block:: none
void __cfi_slowpath(uint64 CallSiteTypeId, void *TargetAddr)
This functions loads a shadow value for ``TargetAddr``, finds the
address of __cfi_check as described above and calls that.
Position-independent executable requirement
-------------------------------------------
Cross-DSO CFI mode requires that the main executable is built as PIE.
In non-PIE executables the address of an external function (taken from
the main executable) is the address of that function’s PLT record in
the main executable. This would break the CFI checks.

docs/UsersManual.rst

Show First 20 LinesShow All 1,036 Lines▼ Show 20 Lines**-f[no-]sanitize-coverage=[type,features,...]**
Enable simple code coverage in addition to certain sanitizers. Enable simple code coverage in addition to certain sanitizers.
See :doc:`SanitizerCoverage` for more details. See :doc:`SanitizerCoverage` for more details.
.. option:: -fsanitize-undefined-trap-on-error .. option:: -fsanitize-undefined-trap-on-error
Deprecated alias for ``-fsanitize-trap=undefined``. Deprecated alias for ``-fsanitize-trap=undefined``.
.. option:: -fsanitize-cfi-cross-dso
Enable cross-DSO control flow integrity checks. This flag modifies
the behavior of sanitizers in the ``cfi`` group to allow checking
of cross-DSO virtual and indirect calls.
.. option:: -fno-assume-sane-operator-new .. option:: -fno-assume-sane-operator-new
Don't assume that the C++'s new operator is sane. Don't assume that the C++'s new operator is sane.
This option tells the compiler to do not assume that C++'s global This option tells the compiler to do not assume that C++'s global
new operator will always return a pointer that does not alias any new operator will always return a pointer that does not alias any
other pointer when the function returns. other pointer when the function returns.
▲ Show 20 LinesShow All 1,096 LinesShow Last 20 Lines

include/clang/Driver/Options.td

Show First 20 LinesShow All 614 Lines▼ Show 20 Linesdef fno_sanitize_trap_EQ : CommaJoined<["-"], "fno-sanitize-trap=">, Group<f_clang_Group>,
Flags<[CoreOption]>, Flags<[CoreOption]>,
HelpText<"Disable trapping for specified sanitizers">; HelpText<"Disable trapping for specified sanitizers">;
def fsanitize_undefined_trap_on_error : Flag<["-"], "fsanitize-undefined-trap-on-error">, def fsanitize_undefined_trap_on_error : Flag<["-"], "fsanitize-undefined-trap-on-error">,
Group<f_clang_Group>; Group<f_clang_Group>;
def fno_sanitize_undefined_trap_on_error : Flag<["-"], "fno-sanitize-undefined-trap-on-error">, def fno_sanitize_undefined_trap_on_error : Flag<["-"], "fno-sanitize-undefined-trap-on-error">,
Group<f_clang_Group>; Group<f_clang_Group>;
def fsanitize_link_cxx_runtime : Flag<["-"], "fsanitize-link-c++-runtime">, def fsanitize_link_cxx_runtime : Flag<["-"], "fsanitize-link-c++-runtime">,
Group<f_clang_Group>; Group<f_clang_Group>;
def fsanitize_cfi_cross_dso : Flag<["-"], "fsanitize-cfi-cross-dso">,
Group<f_clang_Group>, Flags<[CC1Option]>,
HelpText<"Enable control flow integrity (CFI) checks for cross-DSO calls.">;
def fno_sanitize_cfi_cross_dso : Flag<["-"], "fno-sanitize-cfi-cross-dso">,
Group<f_clang_Group>, Flags<[CC1Option]>,
HelpText<"Disable control flow integrity (CFI) checks for cross-DSO calls.">;
pccUnsubmitted
Done
ReplyInline Actions

"Disable"

pcc: "Disable"
def funsafe_math_optimizations : Flag<["-"], "funsafe-math-optimizations">, def funsafe_math_optimizations : Flag<["-"], "funsafe-math-optimizations">,
Group<f_Group>; Group<f_Group>;
def fno_unsafe_math_optimizations : Flag<["-"], "fno-unsafe-math-optimizations">, def fno_unsafe_math_optimizations : Flag<["-"], "fno-unsafe-math-optimizations">,
Group<f_Group>; Group<f_Group>;
def fassociative_math : Flag<["-"], "fassociative-math">, Group<f_Group>; def fassociative_math : Flag<["-"], "fassociative-math">, Group<f_Group>;
def fno_associative_math : Flag<["-"], "fno-associative-math">, Group<f_Group>; def fno_associative_math : Flag<["-"], "fno-associative-math">, Group<f_Group>;
def freciprocal_math : def freciprocal_math :
Flag<["-"], "freciprocal-math">, Group<f_Group>, Flags<[CC1Option]>, Flag<["-"], "freciprocal-math">, Group<f_Group>, Flags<[CC1Option]>,
▲ Show 20 LinesShow All 1,468 LinesShow Last 20 Lines

include/clang/Driver/SanitizerArgs.h

Show All 25 Linesclass SanitizerArgs {
SanitizerSet RecoverableSanitizers; SanitizerSet RecoverableSanitizers;
SanitizerSet TrapSanitizers; SanitizerSet TrapSanitizers;
std::vector<std::string> BlacklistFiles; std::vector<std::string> BlacklistFiles;
std::vector<std::string> ExtraDeps; std::vector<std::string> ExtraDeps;
int CoverageFeatures; int CoverageFeatures;
int MsanTrackOrigins; int MsanTrackOrigins;
bool MsanUseAfterDtor; bool MsanUseAfterDtor;
bool CfiCrossDso;
int AsanFieldPadding; int AsanFieldPadding;
bool AsanSharedRuntime; bool AsanSharedRuntime;
bool LinkCXXRuntimes; bool LinkCXXRuntimes;
bool NeedPIE; bool NeedPIE;
public: public:
/// Parses the sanitizer arguments from an argument list. /// Parses the sanitizer arguments from an argument list.
SanitizerArgs(const ToolChain &TC, const llvm::opt::ArgList &Args); SanitizerArgs(const ToolChain &TC, const llvm::opt::ArgList &Args);
bool needsAsanRt() const { return Sanitizers.has(SanitizerKind::Address); } bool needsAsanRt() const { return Sanitizers.has(SanitizerKind::Address); }
bool needsSharedAsanRt() const { return AsanSharedRuntime; } bool needsSharedAsanRt() const { return AsanSharedRuntime; }
bool needsTsanRt() const { return Sanitizers.has(SanitizerKind::Thread); } bool needsTsanRt() const { return Sanitizers.has(SanitizerKind::Thread); }
bool needsMsanRt() const { return Sanitizers.has(SanitizerKind::Memory); } bool needsMsanRt() const { return Sanitizers.has(SanitizerKind::Memory); }
bool needsLsanRt() const { bool needsLsanRt() const {
return Sanitizers.has(SanitizerKind::Leak) && return Sanitizers.has(SanitizerKind::Leak) &&
!Sanitizers.has(SanitizerKind::Address); !Sanitizers.has(SanitizerKind::Address);
} }
bool needsUbsanRt() const; bool needsUbsanRt() const;
bool needsDfsanRt() const { return Sanitizers.has(SanitizerKind::DataFlow); } bool needsDfsanRt() const { return Sanitizers.has(SanitizerKind::DataFlow); }
bool needsSafeStackRt() const { bool needsSafeStackRt() const {
return Sanitizers.has(SanitizerKind::SafeStack); return Sanitizers.has(SanitizerKind::SafeStack);
} }
bool needsCfiRt() const;
bool requiresPIE() const; bool requiresPIE() const;
bool needsUnwindTables() const; bool needsUnwindTables() const;
bool linkCXXRuntimes() const { return LinkCXXRuntimes; } bool linkCXXRuntimes() const { return LinkCXXRuntimes; }
void addArgs(const ToolChain &TC, const llvm::opt::ArgList &Args, void addArgs(const ToolChain &TC, const llvm::opt::ArgList &Args,
llvm::opt::ArgStringList &CmdArgs, types::ID InputType) const; llvm::opt::ArgStringList &CmdArgs, types::ID InputType) const;
private: private:
void clear(); void clear();
}; };
} // namespace driver } // namespace driver
} // namespace clang } // namespace clang
#endif #endif

include/clang/Frontend/CodeGenOptions.def

Show First 20 LinesShow All 114 Lines▼ Show 20 Lines
CODEGENOPT(StructPathTBAA , 1, 0) ///< Whether or not to use struct-path TBAA. CODEGENOPT(StructPathTBAA , 1, 0) ///< Whether or not to use struct-path TBAA.
CODEGENOPT(SaveTempLabels , 1, 0) ///< Save temporary labels. CODEGENOPT(SaveTempLabels , 1, 0) ///< Save temporary labels.
CODEGENOPT(SanitizeAddressZeroBaseShadow , 1, 0) ///< Map shadow memory at zero CODEGENOPT(SanitizeAddressZeroBaseShadow , 1, 0) ///< Map shadow memory at zero
///< offset in AddressSanitizer. ///< offset in AddressSanitizer.
CODEGENOPT(SanitizeMemoryTrackOrigins, 2, 0) ///< Enable tracking origins in CODEGENOPT(SanitizeMemoryTrackOrigins, 2, 0) ///< Enable tracking origins in
///< MemorySanitizer ///< MemorySanitizer
CODEGENOPT(SanitizeMemoryUseAfterDtor, 1, 0) ///< Enable use-after-delete detection CODEGENOPT(SanitizeMemoryUseAfterDtor, 1, 0) ///< Enable use-after-delete detection
///< in MemorySanitizer ///< in MemorySanitizer
CODEGENOPT(SanitizeCfiCrossDso, 1, 0) ///< Enable cross-dso support in CFI.
CODEGENOPT(SanitizeCoverageType, 2, 0) ///< Type of sanitizer coverage CODEGENOPT(SanitizeCoverageType, 2, 0) ///< Type of sanitizer coverage
///< instrumentation. ///< instrumentation.
CODEGENOPT(SanitizeCoverageIndirectCalls, 1, 0) ///< Enable sanitizer coverage CODEGENOPT(SanitizeCoverageIndirectCalls, 1, 0) ///< Enable sanitizer coverage
///< for indirect calls. ///< for indirect calls.
CODEGENOPT(SanitizeCoverageTraceBB, 1, 0) ///< Enable basic block tracing in CODEGENOPT(SanitizeCoverageTraceBB, 1, 0) ///< Enable basic block tracing in
///< in sanitizer coverage. ///< in sanitizer coverage.
CODEGENOPT(SanitizeCoverageTraceCmp, 1, 0) ///< Enable cmp instruction tracing CODEGENOPT(SanitizeCoverageTraceCmp, 1, 0) ///< Enable cmp instruction tracing
///< in sanitizer coverage. ///< in sanitizer coverage.
▲ Show 20 LinesShow All 75 LinesShow Last 20 Lines

lib/CodeGen/CGClass.cpp

Show First 20 LinesShow All 2,546 Lines▼ Show 20 Linesvoid CodeGenFunction::EmitVTablePtrCheck(const CXXRecordDecl *RD,
llvm::Value *VTable, llvm::Value *VTable,
CFITypeCheckKind TCK, CFITypeCheckKind TCK,
SourceLocation Loc) { SourceLocation Loc) {
if (CGM.IsCFIBlacklistedRecord(RD)) if (CGM.IsCFIBlacklistedRecord(RD))
return; return;
SanitizerScope SanScope(this); SanitizerScope SanScope(this);
llvm::Value *BitSetName = llvm::MetadataAsValue::get( llvm::Metadata *MD =
getLLVMContext(), CGM.CreateMetadataIdentifierForType(QualType(RD->getTypeForDecl(), 0));
CGM.CreateMetadataIdentifierForType(QualType(RD->getTypeForDecl(), 0))); llvm::Value *BitSetName = llvm::MetadataAsValue::get(getLLVMContext(), MD);
llvm::Value *CastedVTable = Builder.CreateBitCast(VTable, Int8PtrTy); llvm::Value *CastedVTable = Builder.CreateBitCast(VTable, Int8PtrTy);
llvm::Value *BitSetTest = llvm::Value *BitSetTest =
Builder.CreateCall(CGM.getIntrinsic(llvm::Intrinsic::bitset_test), Builder.CreateCall(CGM.getIntrinsic(llvm::Intrinsic::bitset_test),
{CastedVTable, BitSetName}); {CastedVTable, BitSetName});
if (CGM.getCodeGenOpts().SanitizeCfiCrossDso) {
if (auto TypeId = CGM.CreateCfiIdForTypeMetadata(MD)) {
EmitCfiSlowPathCheck(BitSetTest, TypeId, CastedVTable);
return;
}
}
SanitizerMask M; SanitizerMask M;
switch (TCK) { switch (TCK) {
case CFITCK_VCall: case CFITCK_VCall:
M = SanitizerKind::CFIVCall; M = SanitizerKind::CFIVCall;
break; break;
case CFITCK_NVCall: case CFITCK_NVCall:
M = SanitizerKind::CFINVCall; M = SanitizerKind::CFINVCall;
break; break;
case CFITCK_DerivedCast: case CFITCK_DerivedCast:
M = SanitizerKind::CFIDerivedCast; M = SanitizerKind::CFIDerivedCast;
break; break;
case CFITCK_UnrelatedCast: case CFITCK_UnrelatedCast:
M = SanitizerKind::CFIUnrelatedCast; M = SanitizerKind::CFIUnrelatedCast;
break; break;
} }
pccUnsubmitted
Done
ReplyInline Actions

This could be an early return.

pcc: This could be an early return.
llvm::Constant *StaticData[] = { llvm::Constant *StaticData[] = {
EmitCheckSourceLocation(Loc), EmitCheckSourceLocation(Loc),
EmitCheckTypeDescriptor(QualType(RD->getTypeForDecl(), 0)), EmitCheckTypeDescriptor(QualType(RD->getTypeForDecl(), 0)),
llvm::ConstantInt::get(Int8Ty, TCK), llvm::ConstantInt::get(Int8Ty, TCK),
}; };
EmitCheck(std::make_pair(BitSetTest, M), "cfi_bad_type", StaticData, EmitCheck(std::make_pair(BitSetTest, M), "cfi_bad_type", StaticData,
CastedVTable); CastedVTable);
} }
// FIXME: Ideally Expr::IgnoreParenNoopCasts should do this, but it doesn't do // FIXME: Ideally Expr::IgnoreParenNoopCasts should do this, but it doesn't do
// quite what we want. // quite what we want.
static const Expr *skipNoOpCastsAndParens(const Expr *E) { static const Expr *skipNoOpCastsAndParens(const Expr *E) {
▲ Show 20 LinesShow All 194 LinesShow Last 20 Lines

lib/CodeGen/CGExpr.cpp

Show First 20 LinesShow All 2,526 Lines▼ Show 20 Lines if (!FatalCond || !RecoverableCond) {
EmitBlock(NonFatalHandlerBB); EmitBlock(NonFatalHandlerBB);
emitCheckHandlerCall(*this, FnType, Args, CheckName, RecoverKind, false, emitCheckHandlerCall(*this, FnType, Args, CheckName, RecoverKind, false,
Cont); Cont);
} }
EmitBlock(Cont); EmitBlock(Cont);
} }
void CodeGenFunction::EmitCfiSlowPathCheck(llvm::Value *Cond,
llvm::ConstantInt *TypeId,
llvm::Value *Ptr) {
auto &Ctx = getLLVMContext();
llvm::BasicBlock *Cont = createBasicBlock("cfi.cont");
llvm::BasicBlock *CheckBB = createBasicBlock("cfi.slowpath");
llvm::BranchInst *BI = Builder.CreateCondBr(Cond, Cont, CheckBB);
llvm::MDBuilder MDHelper(getLLVMContext());
llvm::MDNode *Node = MDHelper.createBranchWeights((1U << 20) - 1, 1);
BI->setMetadata(llvm::LLVMContext::MD_prof, Node);
EmitBlock(CheckBB);
llvm::Constant *SlowPathFn = CGM.getModule().getOrInsertFunction(
"__cfi_slowpath",
llvm::FunctionType::get(
llvm::Type::getVoidTy(Ctx),
{llvm::Type::getInt64Ty(Ctx),
llvm::PointerType::getUnqual(llvm::Type::getInt8Ty(Ctx))},
false));
llvm::CallInst *CheckCall = Builder.CreateCall(SlowPathFn, {TypeId, Ptr});
pccUnsubmitted
Not Done
ReplyInline Actions

What happens if MD is not an MDString?

pcc: What happens if `MD` is not an `MDString`?
eugenisAuthorUnsubmitted
Not Done
ReplyInline Actions

assert + check on the caller side

eugenis: assert + check on the caller side
CheckCall->setDoesNotThrow();
EmitBlock(Cont);
pccUnsubmitted
Done
ReplyInline Actions

Use cast instead of dyn_cast/assert (but see my other comment).

pcc: Use cast instead of dyn_cast/assert (but see my other comment).
}
void CodeGenFunction::EmitTrapCheck(llvm::Value *Checked) { void CodeGenFunction::EmitTrapCheck(llvm::Value *Checked) {
llvm::BasicBlock *Cont = createBasicBlock("cont"); llvm::BasicBlock *Cont = createBasicBlock("cont");
// If we're optimizing, collapse all calls to trap down to just one per // If we're optimizing, collapse all calls to trap down to just one per
// function to save on code size. // function to save on code size.
if (!CGM.getCodeGenOpts().OptimizationLevel || !TrapBB) { if (!CGM.getCodeGenOpts().OptimizationLevel || !TrapBB) {
TrapBB = createBasicBlock("trap"); TrapBB = createBasicBlock("trap");
Builder.CreateCondBr(Checked, Cont, TrapBB); Builder.CreateCondBr(Checked, Cont, TrapBB);
▲ Show 20 LinesShow All 1,275 Lines▼ Show 20 LinesRValue CodeGenFunction::EmitCall(QualType CalleeType, llvm::Value *Callee,
} }
// If we are checking indirect calls and this call is indirect, check that the // If we are checking indirect calls and this call is indirect, check that the
// function pointer is a member of the bit set for the function type. // function pointer is a member of the bit set for the function type.
if (SanOpts.has(SanitizerKind::CFIICall) && if (SanOpts.has(SanitizerKind::CFIICall) &&
(!TargetDecl || !isa<FunctionDecl>(TargetDecl))) { (!TargetDecl || !isa<FunctionDecl>(TargetDecl))) {
SanitizerScope SanScope(this); SanitizerScope SanScope(this);
llvm::Value *BitSetName = llvm::MetadataAsValue::get( llvm::Metadata *MD = CGM.CreateMetadataIdentifierForType(QualType(FnType, 0));
getLLVMContext(), llvm::Value *BitSetName = llvm::MetadataAsValue::get(getLLVMContext(), MD);
CGM.CreateMetadataIdentifierForType(QualType(FnType, 0)));
llvm::Value *CastedCallee = Builder.CreateBitCast(Callee, Int8PtrTy); llvm::Value *CastedCallee = Builder.CreateBitCast(Callee, Int8PtrTy);
llvm::Value *BitSetTest = llvm::Value *BitSetTest =
Builder.CreateCall(CGM.getIntrinsic(llvm::Intrinsic::bitset_test), Builder.CreateCall(CGM.getIntrinsic(llvm::Intrinsic::bitset_test),
{CastedCallee, BitSetName}); {CastedCallee, BitSetName});
auto TypeId = CGM.CreateCfiIdForTypeMetadata(MD);
if (CGM.getCodeGenOpts().SanitizeCfiCrossDso && TypeId) {
EmitCfiSlowPathCheck(BitSetTest, TypeId, CastedCallee);
pccUnsubmitted
Not Done
ReplyInline Actions

Early return.

pcc: Early return.
eugenisAuthorUnsubmitted
Not Done
ReplyInline Actions

It's too early to return.

eugenis: It's too early to return.
pccUnsubmitted
Done
ReplyInline Actions

Yes, sorry.

pcc: Yes, sorry.
} else {
llvm::Constant *StaticData[] = { llvm::Constant *StaticData[] = {
EmitCheckSourceLocation(E->getLocStart()), EmitCheckSourceLocation(E->getLocStart()),
EmitCheckTypeDescriptor(QualType(FnType, 0)), EmitCheckTypeDescriptor(QualType(FnType, 0)),
}; };
EmitCheck(std::make_pair(BitSetTest, SanitizerKind::CFIICall), EmitCheck(std::make_pair(BitSetTest, SanitizerKind::CFIICall),
"cfi_bad_icall", StaticData, CastedCallee); "cfi_bad_icall", StaticData, CastedCallee);
} }
}
CallArgList Args; CallArgList Args;
if (Chain) if (Chain)
Args.add(RValue::get(Builder.CreateBitCast(Chain, CGM.VoidPtrTy)), Args.add(RValue::get(Builder.CreateBitCast(Chain, CGM.VoidPtrTy)),
CGM.getContext().VoidPtrTy); CGM.getContext().VoidPtrTy);
EmitCallArgs(Args, dyn_cast<FunctionProtoType>(FnType), E->arguments(), EmitCallArgs(Args, dyn_cast<FunctionProtoType>(FnType), E->arguments(),
E->getDirectCallee(), /*ParamsToSkip*/ 0); E->getDirectCallee(), /*ParamsToSkip*/ 0);
▲ Show 20 LinesShow All 165 LinesShow Last 20 Lines

lib/CodeGen/CGVTables.cpp

Show First 20 LinesShow All 928 Lines▼ Show 20 Lines if (S1 != S2)
return false; return false;
return E1.second < E2.second; return E1.second < E2.second;
}); });
llvm::NamedMDNode *BitsetsMD = llvm::NamedMDNode *BitsetsMD =
getModule().getOrInsertNamedMetadata("llvm.bitsets"); getModule().getOrInsertNamedMetadata("llvm.bitsets");
for (auto BitsetEntry : BitsetEntries) for (auto BitsetEntry : BitsetEntries)
BitsetsMD->addOperand(CreateVTableBitSetEntry( CreateVTableBitSetEntry(BitsetsMD, VTable,
VTable, PointerWidth * BitsetEntry.second, BitsetEntry.first)); PointerWidth * BitsetEntry.second,
BitsetEntry.first);
} }

lib/CodeGen/CodeGenFunction.h

Show First 20 LinesShow All 3,003 Lines▼ Show 20 Linespublic:
/// \brief Create a basic block that will call a handler function in a /// \brief Create a basic block that will call a handler function in a
/// sanitizer runtime with the provided arguments, and create a conditional /// sanitizer runtime with the provided arguments, and create a conditional
/// branch to it. /// branch to it.
void EmitCheck(ArrayRef<std::pair<llvm::Value *, SanitizerMask>> Checked, void EmitCheck(ArrayRef<std::pair<llvm::Value *, SanitizerMask>> Checked,
StringRef CheckName, ArrayRef<llvm::Constant *> StaticArgs, StringRef CheckName, ArrayRef<llvm::Constant *> StaticArgs,
ArrayRef<llvm::Value *> DynamicArgs); ArrayRef<llvm::Value *> DynamicArgs);
/// \brief Emit a slow path cross-DSO CFI check which calls __cfi_slowpath
/// if Cond if false.
void EmitCfiSlowPathCheck(llvm::Value *Cond, llvm::ConstantInt *TypeId,
llvm::Value *Ptr);
/// \brief Create a basic block that will call the trap intrinsic, and emit a /// \brief Create a basic block that will call the trap intrinsic, and emit a
/// conditional branch to it, for the -ftrapv checks. /// conditional branch to it, for the -ftrapv checks.
void EmitTrapCheck(llvm::Value *Checked); void EmitTrapCheck(llvm::Value *Checked);
/// \brief Emit a call to trap or debugtrap and attach function attribute /// \brief Emit a call to trap or debugtrap and attach function attribute
/// "trap-func-name" if specified. /// "trap-func-name" if specified.
llvm::CallInst *EmitTrapCall(llvm::Intrinsic::ID IntrID); llvm::CallInst *EmitTrapCall(llvm::Intrinsic::ID IntrID);
▲ Show 20 LinesShow All 288 LinesShow Last 20 Lines

lib/CodeGen/CodeGenModule.h

Show First 20 LinesShow All 1,100 Lines▼ Show 20 Linespublic:
/// integrity checks. /// integrity checks.
bool IsCFIBlacklistedRecord(const CXXRecordDecl *RD); bool IsCFIBlacklistedRecord(const CXXRecordDecl *RD);
/// Emit bit set entries for the given vtable using the given layout if /// Emit bit set entries for the given vtable using the given layout if
/// vptr CFI is enabled. /// vptr CFI is enabled.
void EmitVTableBitSetEntries(llvm::GlobalVariable *VTable, void EmitVTableBitSetEntries(llvm::GlobalVariable *VTable,
const VTableLayout &VTLayout); const VTableLayout &VTLayout);
/// Generate a cross-DSO type identifier for type.
llvm::ConstantInt *CreateCfiIdForTypeMetadata(llvm::Metadata *MD);
/// Create a metadata identifier for the given type. This may either be an /// Create a metadata identifier for the given type. This may either be an
/// MDString (for external identifiers) or a distinct unnamed MDNode (for /// MDString (for external identifiers) or a distinct unnamed MDNode (for
/// internal identifiers). /// internal identifiers).
llvm::Metadata *CreateMetadataIdentifierForType(QualType T); llvm::Metadata *CreateMetadataIdentifierForType(QualType T);
/// Create a bitset entry for the given vtable. /// Create a bitset entry for the given function and add it to BitsetsMD.
llvm::MDTuple *CreateVTableBitSetEntry(llvm::GlobalVariable *VTable, void CreateFunctionBitSetEntry(const FunctionDecl *FD, llvm::Function *F);
CharUnits Offset,
/// Create a bitset entry for the given vtable and add it to BitsetsMD.
void CreateVTableBitSetEntry(llvm::NamedMDNode *BitsetsMD,
llvm::GlobalVariable *VTable, CharUnits Offset,
const CXXRecordDecl *RD); const CXXRecordDecl *RD);
/// \breif Get the declaration of std::terminate for the platform. /// \breif Get the declaration of std::terminate for the platform.
llvm::Constant *getTerminateFn(); llvm::Constant *getTerminateFn();
private: private:
llvm::Constant * llvm::Constant *
GetOrCreateLLVMFunction(StringRef MangledName, llvm::Type *Ty, GlobalDecl D, GetOrCreateLLVMFunction(StringRef MangledName, llvm::Type *Ty, GlobalDecl D,
bool ForVTable, bool DontDefer = false, bool ForVTable, bool DontDefer = false,
▲ Show 20 LinesShow All 113 LinesShow Last 20 Lines

lib/CodeGen/CodeGenModule.cpp

Show First 20 LinesShow All 47 Lines▼ Show 20 Lines
#include "llvm/IR/CallingConv.h" #include "llvm/IR/CallingConv.h"
#include "llvm/IR/DataLayout.h" #include "llvm/IR/DataLayout.h"
#include "llvm/IR/Intrinsics.h" #include "llvm/IR/Intrinsics.h"
#include "llvm/IR/LLVMContext.h" #include "llvm/IR/LLVMContext.h"
#include "llvm/IR/Module.h" #include "llvm/IR/Module.h"
#include "llvm/ProfileData/InstrProfReader.h" #include "llvm/ProfileData/InstrProfReader.h"
#include "llvm/Support/ConvertUTF.h" #include "llvm/Support/ConvertUTF.h"
#include "llvm/Support/ErrorHandling.h" #include "llvm/Support/ErrorHandling.h"
#include "llvm/Support/MD5.h"
using namespace clang; using namespace clang;
using namespace CodeGen; using namespace CodeGen;
static const char AnnotationSection[] = "llvm.metadata"; static const char AnnotationSection[] = "llvm.metadata";
static CGCXXABI *createCXXABI(CodeGenModule &CGM) { static CGCXXABI *createCXXABI(CodeGenModule &CGM) {
switch (CGM.getTarget().getCXXABI().getKind()) { switch (CGM.getTarget().getCXXABI().getKind()) {
▲ Show 20 LinesShow All 370 Lines▼ Show 20 Lines uint64_t WCharWidth =
Context.getTypeSizeInChars(Context.getWideCharType()).getQuantity(); Context.getTypeSizeInChars(Context.getWideCharType()).getQuantity();
getModule().addModuleFlag(llvm::Module::Error, "wchar_size", WCharWidth); getModule().addModuleFlag(llvm::Module::Error, "wchar_size", WCharWidth);
// The minimum width of an enum in bytes // The minimum width of an enum in bytes
uint64_t EnumWidth = Context.getLangOpts().ShortEnums ? 1 : 4; uint64_t EnumWidth = Context.getLangOpts().ShortEnums ? 1 : 4;
getModule().addModuleFlag(llvm::Module::Error, "min_enum_size", EnumWidth); getModule().addModuleFlag(llvm::Module::Error, "min_enum_size", EnumWidth);
} }
if (CodeGenOpts.SanitizeCfiCrossDso) {
// Indicate that we want cross-DSO control flow integrity checks.
getModule().addModuleFlag(llvm::Module::Override, "Cross-DSO CFI", 1);
}
if (uint32_t PLevel = Context.getLangOpts().PICLevel) { if (uint32_t PLevel = Context.getLangOpts().PICLevel) {
llvm::PICLevel::Level PL = llvm::PICLevel::Default; llvm::PICLevel::Level PL = llvm::PICLevel::Default;
switch (PLevel) { switch (PLevel) {
case 0: break; case 0: break;
case 1: PL = llvm::PICLevel::Small; break; case 1: PL = llvm::PICLevel::Small; break;
case 2: PL = llvm::PICLevel::Large; break; case 2: PL = llvm::PICLevel::Large; break;
default: llvm_unreachable("Invalid PIC Level"); default: llvm_unreachable("Invalid PIC Level");
} }
▲ Show 20 LinesShow All 281 Lines▼ Show 20 Linesvoid CodeGenModule::setFunctionDLLStorageClass(GlobalDecl GD, llvm::Function *F) {
if (FD->hasAttr<DLLImportAttr>()) if (FD->hasAttr<DLLImportAttr>())
F->setDLLStorageClass(llvm::GlobalVariable::DLLImportStorageClass); F->setDLLStorageClass(llvm::GlobalVariable::DLLImportStorageClass);
else if (FD->hasAttr<DLLExportAttr>()) else if (FD->hasAttr<DLLExportAttr>())
F->setDLLStorageClass(llvm::GlobalVariable::DLLExportStorageClass); F->setDLLStorageClass(llvm::GlobalVariable::DLLExportStorageClass);
else else
F->setDLLStorageClass(llvm::GlobalVariable::DefaultStorageClass); F->setDLLStorageClass(llvm::GlobalVariable::DefaultStorageClass);
} }
llvm::ConstantInt *
CodeGenModule::CreateCfiIdForTypeMetadata(llvm::Metadata *MD) {
llvm::MDString *MDS = dyn_cast<llvm::MDString>(MD);
if (!MDS) return nullptr;
llvm::MD5 md5;
llvm::MD5::MD5Result result;
md5.update(MDS->getString());
md5.final(result);
uint64_t id = 0;
for (int i = 0; i < 8; ++i)
id |= static_cast<uint64_t>(result[i]) << (i * 8);
return llvm::ConstantInt::get(Int64Ty, id);
}
void CodeGenModule::setFunctionDefinitionAttributes(const FunctionDecl *D, void CodeGenModule::setFunctionDefinitionAttributes(const FunctionDecl *D,
llvm::Function *F) { llvm::Function *F) {
setNonAliasAttributes(D, F); setNonAliasAttributes(D, F);
} }
void CodeGenModule::SetLLVMFunctionAttributes(const Decl *D, void CodeGenModule::SetLLVMFunctionAttributes(const Decl *D,
const CGFunctionInfo &Info, const CGFunctionInfo &Info,
llvm::Function *F) { llvm::Function *F) {
▲ Show 20 LinesShow All 176 Lines▼ Show 20 Lines if (LV.getLinkage() != ExternalLinkage) {
} }
// Set visibility on a declaration only if it's explicit. // Set visibility on a declaration only if it's explicit.
if (LV.isVisibilityExplicit()) if (LV.isVisibilityExplicit())
GV->setVisibility(CodeGenModule::GetLLVMVisibility(LV.getVisibility())); GV->setVisibility(CodeGenModule::GetLLVMVisibility(LV.getVisibility()));
} }
} }
void CodeGenModule::CreateFunctionBitSetEntry(const FunctionDecl *FD,
llvm::Function *F) {
// Only if we are checking indirect calls.
if (!LangOpts.Sanitize.has(SanitizerKind::CFIICall))
return;
// Non-static class methods are handled via vtable pointer checks elsewhere.
if (isa<CXXMethodDecl>(FD) && !cast<CXXMethodDecl>(FD)->isStatic())
return;
// Additionally, if building with cross-DSO support...
if (CodeGenOpts.SanitizeCfiCrossDso) {
// Don't emit entries for function declarations. In cross-DSO mode these are
// handled with better precision at run time.
if (!FD->hasBody())
return;
// Skip available_externally functions. They won't be codegen'ed in the
// current module anyway.
if (getContext().GetGVALinkageForFunction(FD) == GVA_AvailableExternally)
return;
}
llvm::NamedMDNode *BitsetsMD =
getModule().getOrInsertNamedMetadata("llvm.bitsets");
llvm::Metadata *MD = CreateMetadataIdentifierForType(FD->getType());
llvm::Metadata *BitsetOps[] = {
MD, llvm::ConstantAsMetadata::get(F),
llvm::ConstantAsMetadata::get(llvm::ConstantInt::get(Int64Ty, 0))};
BitsetsMD->addOperand(llvm::MDTuple::get(getLLVMContext(), BitsetOps));
// Emit a hash-based bit set entry for cross-DSO calls.
if (CodeGenOpts.SanitizeCfiCrossDso) {
if (auto TypeId = CreateCfiIdForTypeMetadata(MD)) {
llvm::Metadata *BitsetOps2[] = {
llvm::ConstantAsMetadata::get(TypeId),
llvm::ConstantAsMetadata::get(F),
llvm::ConstantAsMetadata::get(llvm::ConstantInt::get(Int64Ty, 0))};
BitsetsMD->addOperand(llvm::MDTuple::get(getLLVMContext(), BitsetOps2));
}
}
}
void CodeGenModule::SetFunctionAttributes(GlobalDecl GD, llvm::Function *F, void CodeGenModule::SetFunctionAttributes(GlobalDecl GD, llvm::Function *F,
bool IsIncompleteFunction, bool IsIncompleteFunction,
bool IsThunk) { bool IsThunk) {
if (llvm::Intrinsic::ID IID = F->getIntrinsicID()) { if (llvm::Intrinsic::ID IID = F->getIntrinsicID()) {
// If this is an intrinsic function, set the function's attributes // If this is an intrinsic function, set the function's attributes
// to the intrinsic's attributes. // to the intrinsic's attributes.
F->setAttributes(llvm::Intrinsic::getAttributes(getLLVMContext(), IID)); F->setAttributes(llvm::Intrinsic::getAttributes(getLLVMContext(), IID));
return; return;
Show All 26 Lines if (const SectionAttr *SA = FD->getAttr<SectionAttr>())
F->setSection(SA->getName()); F->setSection(SA->getName());
// A replaceable global allocation function does not act like a builtin by // A replaceable global allocation function does not act like a builtin by
// default, only if it is invoked by a new-expression or delete-expression. // default, only if it is invoked by a new-expression or delete-expression.
if (FD->isReplaceableGlobalAllocationFunction()) if (FD->isReplaceableGlobalAllocationFunction())
F->addAttribute(llvm::AttributeSet::FunctionIndex, F->addAttribute(llvm::AttributeSet::FunctionIndex,
llvm::Attribute::NoBuiltin); llvm::Attribute::NoBuiltin);
// If we are checking indirect calls and this is not a non-static member CreateFunctionBitSetEntry(FD, F);
pccUnsubmitted
Not Done
ReplyInline Actions

This is a little hard to read and probably needs to go back into a function with early returns. Sorry, my bad. I also think the logic for available_externally is wrong (please add a test case).

pcc: This is a little hard to read and probably needs to go back into a function with early returns.
eugenisAuthorUnsubmitted
Not Done
ReplyInline Actions

Moved out to a function. Added a testcase. Looks like available_externally is handled correctly.

eugenis: Moved out to a function. Added a testcase. Looks like available_externally is handled correctly.
pccUnsubmitted
Done
ReplyInline Actions

Yes, that's because you fixed it :)

pcc: Yes, that's because you fixed it :)
// function, emit a bit set entry for the function type.
if (LangOpts.Sanitize.has(SanitizerKind::CFIICall) &&
!(isa<CXXMethodDecl>(FD) && !cast<CXXMethodDecl>(FD)->isStatic())) {
llvm::NamedMDNode *BitsetsMD =
getModule().getOrInsertNamedMetadata("llvm.bitsets");
llvm::Metadata *BitsetOps[] = {
CreateMetadataIdentifierForType(FD->getType()),
llvm::ConstantAsMetadata::get(F),
llvm::ConstantAsMetadata::get(llvm::ConstantInt::get(Int64Ty, 0))};
BitsetsMD->addOperand(llvm::MDTuple::get(getLLVMContext(), BitsetOps));
}
} }
pccUnsubmitted
Done
ReplyInline Actions

I would move the logic back here and make the check for definedness etc explicit. We shouldn't emit a bitset entry if the function has available_externally linkage for example.

pcc: I would move the logic back here and make the check for definedness etc explicit. We shouldn't…
void CodeGenModule::addUsedGlobal(llvm::GlobalValue *GV) { void CodeGenModule::addUsedGlobal(llvm::GlobalValue *GV) {
assert(!GV->isDeclaration() && assert(!GV->isDeclaration() &&
pccUnsubmitted
Done
ReplyInline Actions

This isn't handling function types with internal linkage.

We can probably do this more consistently (e.g. by introducing a function that takes a Metadata from CreateMetadataIdentifierForType and returns a ConstantInt or nullptr if none suitable, and using it here, in callers of EmitCfiSlowPathCheck and in CreateVTableBitSetEntry).

pcc: This isn't handling function types with internal linkage. We can probably do this more…
pccUnsubmitted
Not Done
ReplyInline Actions

What about callers of EmitCfiSlowPathCheck?

pcc: What about callers of `EmitCfiSlowPathCheck`?
eugenisAuthorUnsubmitted
Not Done
ReplyInline Actions

updated

eugenis: updated
eugenisAuthorUnsubmitted
Not Done
ReplyInline Actions

fixed

eugenis: fixed
"Only globals with definition can force usage."); "Only globals with definition can force usage.");
LLVMUsed.emplace_back(GV); LLVMUsed.emplace_back(GV);
} }
void CodeGenModule::addCompilerUsedGlobal(llvm::GlobalValue *GV) { void CodeGenModule::addCompilerUsedGlobal(llvm::GlobalValue *GV) {
assert(!GV->isDeclaration() && assert(!GV->isDeclaration() &&
"Only globals with definition can force usage."); "Only globals with definition can force usage.");
LLVMCompilerUsed.emplace_back(GV); LLVMCompilerUsed.emplace_back(GV);
▲ Show 20 LinesShow All 2,866 Lines▼ Show 20 Linesllvm::Metadata *CodeGenModule::CreateMetadataIdentifierForType(QualType T) {
} else { } else {
InternalId = llvm::MDNode::getDistinct(getLLVMContext(), InternalId = llvm::MDNode::getDistinct(getLLVMContext(),
llvm::ArrayRef<llvm::Metadata *>()); llvm::ArrayRef<llvm::Metadata *>());
} }
return InternalId; return InternalId;
} }
llvm::MDTuple *CodeGenModule::CreateVTableBitSetEntry( void CodeGenModule::CreateVTableBitSetEntry(llvm::NamedMDNode *BitsetsMD,
llvm::GlobalVariable *VTable, CharUnits Offset, const CXXRecordDecl *RD) { llvm::GlobalVariable *VTable,
CharUnits Offset,
const CXXRecordDecl *RD) {
llvm::Metadata *MD =
CreateMetadataIdentifierForType(QualType(RD->getTypeForDecl(), 0));
llvm::Metadata *BitsetOps[] = { llvm::Metadata *BitsetOps[] = {
CreateMetadataIdentifierForType(QualType(RD->getTypeForDecl(), 0)), MD, llvm::ConstantAsMetadata::get(VTable),
llvm::ConstantAsMetadata::get(
llvm::ConstantInt::get(Int64Ty, Offset.getQuantity()))};
BitsetsMD->addOperand(llvm::MDTuple::get(getLLVMContext(), BitsetOps));
if (CodeGenOpts.SanitizeCfiCrossDso) {
if (auto TypeId = CreateCfiIdForTypeMetadata(MD)) {
llvm::Metadata *BitsetOps2[] = {
llvm::ConstantAsMetadata::get(TypeId),
llvm::ConstantAsMetadata::get(VTable), llvm::ConstantAsMetadata::get(VTable),
llvm::ConstantAsMetadata::get( llvm::ConstantAsMetadata::get(
llvm::ConstantInt::get(Int64Ty, Offset.getQuantity()))}; llvm::ConstantInt::get(Int64Ty, Offset.getQuantity()))};
return llvm::MDTuple::get(getLLVMContext(), BitsetOps); BitsetsMD->addOperand(llvm::MDTuple::get(getLLVMContext(), BitsetOps2));
}
}
} }
// Fills in the supplied string map with the set of target features for the // Fills in the supplied string map with the set of target features for the
// passed in function. // passed in function.
void CodeGenModule::getFunctionFeatureMap(llvm::StringMap<bool> &FeatureMap, void CodeGenModule::getFunctionFeatureMap(llvm::StringMap<bool> &FeatureMap,
const FunctionDecl *FD) { const FunctionDecl *FD) {
StringRef TargetCPU = Target.getTargetOpts().CPU; StringRef TargetCPU = Target.getTargetOpts().CPU;
if (const auto *TD = FD->getAttr<TargetAttr>()) { if (const auto *TD = FD->getAttr<TargetAttr>()) {
Show All 22 Lines

lib/CodeGen/MicrosoftCXXABI.cpp

Show First 20 LinesShow All 1,517 Lines▼ Show 20 Linesvoid MicrosoftCXXABI::emitVTableBitSetEntries(VPtrInfo *Info,
CharUnits AddressPoint = CharUnits AddressPoint =
getContext().getLangOpts().RTTIData getContext().getLangOpts().RTTIData
? getContext().toCharUnitsFromBits( ? getContext().toCharUnitsFromBits(
getContext().getTargetInfo().getPointerWidth(0)) getContext().getTargetInfo().getPointerWidth(0))
: CharUnits::Zero(); : CharUnits::Zero();
if (Info->PathToBaseWithVPtr.empty()) { if (Info->PathToBaseWithVPtr.empty()) {
if (!CGM.IsCFIBlacklistedRecord(RD)) if (!CGM.IsCFIBlacklistedRecord(RD))
BitsetsMD->addOperand( CGM.CreateVTableBitSetEntry(BitsetsMD, VTable, AddressPoint, RD);
CGM.CreateVTableBitSetEntry(VTable, AddressPoint, RD));
return; return;
} }
// Add a bitset entry for the least derived base belonging to this vftable. // Add a bitset entry for the least derived base belonging to this vftable.
if (!CGM.IsCFIBlacklistedRecord(Info->PathToBaseWithVPtr.back())) if (!CGM.IsCFIBlacklistedRecord(Info->PathToBaseWithVPtr.back()))
BitsetsMD->addOperand(CGM.CreateVTableBitSetEntry( CGM.CreateVTableBitSetEntry(BitsetsMD, VTable, AddressPoint,
VTable, AddressPoint, Info->PathToBaseWithVPtr.back())); Info->PathToBaseWithVPtr.back());
// Add a bitset entry for each derived class that is laid out at the same // Add a bitset entry for each derived class that is laid out at the same
// offset as the least derived base. // offset as the least derived base.
for (unsigned I = Info->PathToBaseWithVPtr.size() - 1; I != 0; --I) { for (unsigned I = Info->PathToBaseWithVPtr.size() - 1; I != 0; --I) {
const CXXRecordDecl *DerivedRD = Info->PathToBaseWithVPtr[I - 1]; const CXXRecordDecl *DerivedRD = Info->PathToBaseWithVPtr[I - 1];
const CXXRecordDecl *BaseRD = Info->PathToBaseWithVPtr[I]; const CXXRecordDecl *BaseRD = Info->PathToBaseWithVPtr[I];
const ASTRecordLayout &Layout = const ASTRecordLayout &Layout =
getContext().getASTRecordLayout(DerivedRD); getContext().getASTRecordLayout(DerivedRD);
CharUnits Offset; CharUnits Offset;
auto VBI = Layout.getVBaseOffsetsMap().find(BaseRD); auto VBI = Layout.getVBaseOffsetsMap().find(BaseRD);
if (VBI == Layout.getVBaseOffsetsMap().end()) if (VBI == Layout.getVBaseOffsetsMap().end())
Offset = Layout.getBaseClassOffset(BaseRD); Offset = Layout.getBaseClassOffset(BaseRD);
else else
Offset = VBI->second.VBaseOffset; Offset = VBI->second.VBaseOffset;
if (!Offset.isZero()) if (!Offset.isZero())
return; return;
if (!CGM.IsCFIBlacklistedRecord(DerivedRD)) if (!CGM.IsCFIBlacklistedRecord(DerivedRD))
BitsetsMD->addOperand( CGM.CreateVTableBitSetEntry(BitsetsMD, VTable, AddressPoint, DerivedRD);
CGM.CreateVTableBitSetEntry(VTable, AddressPoint, DerivedRD));
} }
// Finally do the same for the most derived class. // Finally do the same for the most derived class.
if (Info->FullOffsetInMDC.isZero() && !CGM.IsCFIBlacklistedRecord(RD)) if (Info->FullOffsetInMDC.isZero() && !CGM.IsCFIBlacklistedRecord(RD))
BitsetsMD->addOperand( CGM.CreateVTableBitSetEntry(BitsetsMD, VTable, AddressPoint, RD);
CGM.CreateVTableBitSetEntry(VTable, AddressPoint, RD));
} }
void MicrosoftCXXABI::emitVTableDefinitions(CodeGenVTables &CGVT, void MicrosoftCXXABI::emitVTableDefinitions(CodeGenVTables &CGVT,
const CXXRecordDecl *RD) { const CXXRecordDecl *RD) {
MicrosoftVTableContext &VFTContext = CGM.getMicrosoftVTableContext(); MicrosoftVTableContext &VFTContext = CGM.getMicrosoftVTableContext();
const VPtrInfoVector &VFPtrs = VFTContext.getVFPtrOffsets(RD); const VPtrInfoVector &VFPtrs = VFTContext.getVFPtrOffsets(RD);
for (VPtrInfo *Info : VFPtrs) { for (VPtrInfo *Info : VFPtrs) {
▲ Show 20 LinesShow All 2,610 LinesShow Last 20 Lines

lib/Driver/SanitizerArgs.cpp

Show First 20 LinesShow All 154 Lines▼ Show 20 Linesstatic SanitizerMask parseSanitizeTrapArgs(const Driver &D,
return TrappingKinds; return TrappingKinds;
} }
bool SanitizerArgs::needsUbsanRt() const { bool SanitizerArgs::needsUbsanRt() const {
return (Sanitizers.Mask & NeedsUbsanRt & ~TrapSanitizers.Mask) && return (Sanitizers.Mask & NeedsUbsanRt & ~TrapSanitizers.Mask) &&
!Sanitizers.has(Address) && !Sanitizers.has(Address) &&
!Sanitizers.has(Memory) && !Sanitizers.has(Memory) &&
!Sanitizers.has(Thread); !Sanitizers.has(Thread) &&
!CfiCrossDso;
}
bool SanitizerArgs::needsCfiRt() const {
return CfiCrossDso;
} }
bool SanitizerArgs::requiresPIE() const { bool SanitizerArgs::requiresPIE() const {
return NeedPIE || (Sanitizers.Mask & RequiresPIE); return NeedPIE || (Sanitizers.Mask & RequiresPIE);
} }
bool SanitizerArgs::needsUnwindTables() const { bool SanitizerArgs::needsUnwindTables() const {
return Sanitizers.Mask & NeedsUnwindTables; return Sanitizers.Mask & NeedsUnwindTables;
} }
void SanitizerArgs::clear() { void SanitizerArgs::clear() {
Sanitizers.clear(); Sanitizers.clear();
RecoverableSanitizers.clear(); RecoverableSanitizers.clear();
TrapSanitizers.clear(); TrapSanitizers.clear();
BlacklistFiles.clear(); BlacklistFiles.clear();
ExtraDeps.clear(); ExtraDeps.clear();
CoverageFeatures = 0; CoverageFeatures = 0;
MsanTrackOrigins = 0; MsanTrackOrigins = 0;
MsanUseAfterDtor = false; MsanUseAfterDtor = false;
NeedPIE = false; NeedPIE = false;
AsanFieldPadding = 0; AsanFieldPadding = 0;
AsanSharedRuntime = false; AsanSharedRuntime = false;
LinkCXXRuntimes = false; LinkCXXRuntimes = false;
CfiCrossDso = false;
} }
SanitizerArgs::SanitizerArgs(const ToolChain &TC, SanitizerArgs::SanitizerArgs(const ToolChain &TC,
const llvm::opt::ArgList &Args) { const llvm::opt::ArgList &Args) {
clear(); clear();
SanitizerMask AllRemove = 0; // During the loop below, the accumulated set of SanitizerMask AllRemove = 0; // During the loop below, the accumulated set of
// sanitizers disabled by the current sanitizer // sanitizers disabled by the current sanitizer
// argument or any argument after it. // argument or any argument after it.
▲ Show 20 LinesShow All 230 Lines▼ Show 20 Lines if (Arg *A =
} }
} }
MsanUseAfterDtor = MsanUseAfterDtor =
Args.hasArg(options::OPT_fsanitize_memory_use_after_dtor); Args.hasArg(options::OPT_fsanitize_memory_use_after_dtor);
NeedPIE |= !(TC.getTriple().isOSLinux() && NeedPIE |= !(TC.getTriple().isOSLinux() &&
TC.getTriple().getArch() == llvm::Triple::x86_64); TC.getTriple().getArch() == llvm::Triple::x86_64);
} }
if (AllAddedKinds & CFI) {
CfiCrossDso = Args.hasFlag(options::OPT_fsanitize_cfi_cross_dso,
options::OPT_fno_sanitize_cfi_cross_dso, false);
// Without PIE, external function address may resolve to a PLT record, which
// can not be verified by the target module.
NeedPIE |= CfiCrossDso;
}
// Parse -f(no-)?sanitize-coverage flags if coverage is supported by the // Parse -f(no-)?sanitize-coverage flags if coverage is supported by the
// enabled sanitizers. // enabled sanitizers.
if (AllAddedKinds & SupportsCoverage) { if (AllAddedKinds & SupportsCoverage) {
for (const auto *Arg : Args) { for (const auto *Arg : Args) {
if (Arg->getOption().matches(options::OPT_fsanitize_coverage)) { if (Arg->getOption().matches(options::OPT_fsanitize_coverage)) {
Arg->claim(); Arg->claim();
int LegacySanitizeCoverage; int LegacySanitizeCoverage;
if (Arg->getNumValues() == 1 && if (Arg->getNumValues() == 1 &&
▲ Show 20 LinesShow All 134 Lines▼ Show 20 Linesvoid SanitizerArgs::addArgs(const ToolChain &TC, const llvm::opt::ArgList &Args,
if (MsanTrackOrigins) if (MsanTrackOrigins)
CmdArgs.push_back(Args.MakeArgString("-fsanitize-memory-track-origins=" + CmdArgs.push_back(Args.MakeArgString("-fsanitize-memory-track-origins=" +
llvm::utostr(MsanTrackOrigins))); llvm::utostr(MsanTrackOrigins)));
if (MsanUseAfterDtor) if (MsanUseAfterDtor)
CmdArgs.push_back(Args.MakeArgString("-fsanitize-memory-use-after-dtor")); CmdArgs.push_back(Args.MakeArgString("-fsanitize-memory-use-after-dtor"));
if (CfiCrossDso)
CmdArgs.push_back(Args.MakeArgString("-fsanitize-cfi-cross-dso"));
if (AsanFieldPadding) if (AsanFieldPadding)
CmdArgs.push_back(Args.MakeArgString("-fsanitize-address-field-padding=" + CmdArgs.push_back(Args.MakeArgString("-fsanitize-address-field-padding=" +
llvm::utostr(AsanFieldPadding))); llvm::utostr(AsanFieldPadding)));
// Translate available CoverageFeatures to corresponding clang-cc1 flags. // Translate available CoverageFeatures to corresponding clang-cc1 flags.
std::pair<int, const char *> CoverageFlags[] = { std::pair<int, const char *> CoverageFlags[] = {
std::make_pair(CoverageFunc, "-fsanitize-coverage-type=1"), std::make_pair(CoverageFunc, "-fsanitize-coverage-type=1"),
std::make_pair(CoverageBB, "-fsanitize-coverage-type=2"), std::make_pair(CoverageBB, "-fsanitize-coverage-type=2"),
std::make_pair(CoverageEdge, "-fsanitize-coverage-type=3"), std::make_pair(CoverageEdge, "-fsanitize-coverage-type=3"),
▲ Show 20 LinesShow All 119 LinesShow Last 20 Lines

lib/Driver/Tools.cpp

  • This file is larger than 256 KB, so syntax highlighting is disabled by default.
Show First 20 LinesShow All 2,786 Lines▼ Show 20 LinescollectSanitizerRuntimes(const ToolChain &TC, const ArgList &Args,
} }
if (SanArgs.needsUbsanRt()) { if (SanArgs.needsUbsanRt()) {
StaticRuntimes.push_back("ubsan_standalone"); StaticRuntimes.push_back("ubsan_standalone");
if (SanArgs.linkCXXRuntimes()) if (SanArgs.linkCXXRuntimes())
StaticRuntimes.push_back("ubsan_standalone_cxx"); StaticRuntimes.push_back("ubsan_standalone_cxx");
} }
if (SanArgs.needsSafeStackRt()) if (SanArgs.needsSafeStackRt())
StaticRuntimes.push_back("safestack"); StaticRuntimes.push_back("safestack");
if (SanArgs.needsCfiRt())
StaticRuntimes.push_back("cfi");
} }
// Should be called before we add system libraries (C++ ABI, libstdc++/libc++, // Should be called before we add system libraries (C++ ABI, libstdc++/libc++,
// C runtime, etc). Returns true if sanitizer system deps need to be linked in. // C runtime, etc). Returns true if sanitizer system deps need to be linked in.
static bool addSanitizerRuntimes(const ToolChain &TC, const ArgList &Args, static bool addSanitizerRuntimes(const ToolChain &TC, const ArgList &Args,
ArgStringList &CmdArgs) { ArgStringList &CmdArgs) {
SmallVector<StringRef, 4> SharedRuntimes, StaticRuntimes, SmallVector<StringRef, 4> SharedRuntimes, StaticRuntimes,
HelperStaticRuntimes; HelperStaticRuntimes;
▲ Show 20 LinesShow All 7,670 LinesShow Last 20 Lines

lib/Frontend/CompilerInvocation.cpp

Show First 20 LinesShow All 580 Lines▼ Show 20 Linesstatic bool ParseCodeGenArgs(CodeGenOptions &Opts, ArgList &Args, InputKind IK,
Opts.SanitizeCoverageTraceBB = Args.hasArg(OPT_fsanitize_coverage_trace_bb); Opts.SanitizeCoverageTraceBB = Args.hasArg(OPT_fsanitize_coverage_trace_bb);
Opts.SanitizeCoverageTraceCmp = Args.hasArg(OPT_fsanitize_coverage_trace_cmp); Opts.SanitizeCoverageTraceCmp = Args.hasArg(OPT_fsanitize_coverage_trace_cmp);
Opts.SanitizeCoverage8bitCounters = Opts.SanitizeCoverage8bitCounters =
Args.hasArg(OPT_fsanitize_coverage_8bit_counters); Args.hasArg(OPT_fsanitize_coverage_8bit_counters);
Opts.SanitizeMemoryTrackOrigins = Opts.SanitizeMemoryTrackOrigins =
getLastArgIntValue(Args, OPT_fsanitize_memory_track_origins_EQ, 0, Diags); getLastArgIntValue(Args, OPT_fsanitize_memory_track_origins_EQ, 0, Diags);
Opts.SanitizeMemoryUseAfterDtor = Opts.SanitizeMemoryUseAfterDtor =
Args.hasArg(OPT_fsanitize_memory_use_after_dtor); Args.hasArg(OPT_fsanitize_memory_use_after_dtor);
Opts.SanitizeCfiCrossDso = Args.hasArg(OPT_fsanitize_cfi_cross_dso);
Opts.SSPBufferSize = Opts.SSPBufferSize =
getLastArgIntValue(Args, OPT_stack_protector_buffer_size, 8, Diags); getLastArgIntValue(Args, OPT_stack_protector_buffer_size, 8, Diags);
Opts.StackRealignment = Args.hasArg(OPT_mstackrealign); Opts.StackRealignment = Args.hasArg(OPT_mstackrealign);
if (Arg *A = Args.getLastArg(OPT_mstack_alignment)) { if (Arg *A = Args.getLastArg(OPT_mstack_alignment)) {
StringRef Val = A->getValue(); StringRef Val = A->getValue();
unsigned StackAlignment = Opts.StackAlignment; unsigned StackAlignment = Opts.StackAlignment;
Val.getAsInteger(10, StackAlignment); Val.getAsInteger(10, StackAlignment);
Opts.StackAlignment = StackAlignment; Opts.StackAlignment = StackAlignment;
▲ Show 20 LinesShow All 1,660 LinesShow Last 20 Lines

test/CodeGen/cfi-icall-cross-dso.c

  • This file was added.
// RUN: %clang_cc1 -triple x86_64-unknown-linux -O1 -fsanitize=cfi-icall -fsanitize-cfi-cross-dso -emit-llvm -o - %s | FileCheck --check-prefix=CHECK --check-prefix=ITANIUM %s
// RUN: %clang_cc1 -triple x86_64-pc-windows-msvc -O1 -fsanitize=cfi-icall -fsanitize-cfi-cross-dso -emit-llvm -o - %s | FileCheck --check-prefix=CHECK --check-prefix=MS %s
void caller(void (*f)()) {
f();
}
static void g(void) {}
void h(void);
typedef void (*Fn)(void);
Fn g1() {
return &g;
}
Fn h1() {
return &h;
}
inline void foo() {}
void bar() { foo(); }
// ITANIUM: call i1 @llvm.bitset.test(i8* %{{.*}}, metadata !"_ZTSFvE"), !nosanitize
// ITANIUM: call void @__cfi_slowpath(i64 6588678392271548388, i8* %{{.*}}) {{.*}}, !nosanitize
// MS: call i1 @llvm.bitset.test(i8* %{{.*}}, metadata !"?6AX@Z"), !nosanitize
// MS: call void @__cfi_slowpath(i64 4195979634929632483, i8* %{{.*}}) {{.*}}, !nosanitize
// ITANIUM: define available_externally void @foo()
// MS: define linkonce_odr void @foo()
// Check that we emit both string and hash based bit set entries for static void g(),
// and don't emit them for the declaration of h().
// CHECK-NOT: !{!"{{.*}}", void ()* @h, i64 0}
// CHECK: !{!"{{.*}}", void ()* @g, i64 0}
// CHECK-NOT: !{!"{{.*}}", void ()* @h, i64 0}
// CHECK: !{i64 {{.*}}, void ()* @g, i64 0}
// CHECK-NOT: !{!"{{.*}}", void ()* @h, i64 0}
// ITANIUM-NOT: !{!{{.*}}, void ()* @foo,
// ITANIUM: !{!"_ZTSFvE", void ()* @bar, i64 0}
// ITANIUM-NOT: !{!{{.*}}, void ()* @foo,
// ITANIUM: !{i64 6588678392271548388, void ()* @bar, i64 0}
// ITANIUM-NOT: !{!{{.*}}, void ()* @foo,
// MS: !{!"?6AX@Z", void ()* @foo, i64 0}
// MS: !{i64 4195979634929632483, void ()* @foo, i64 0}
// CHECK: !{i32 4, !"Cross-DSO CFI", i32 1}

test/CodeGenCXX/cfi-cross-dso.cpp

  • This file was added.
// RUN: %clang_cc1 -triple x86_64-unknown-linux -fsanitize=cfi-vcall -fsanitize-cfi-cross-dso -emit-llvm -o - %s | FileCheck --check-prefix=CHECK --check-prefix=ITANIUM %s
// RUN: %clang_cc1 -triple x86_64-pc-windows-msvc -fsanitize=cfi-vcall -fsanitize-cfi-cross-dso -emit-llvm -o - %s | FileCheck --check-prefix=CHECK --check-prefix=MS %s
struct A {
A();
virtual void f();
};
A::A() {}
void A::f() {}
void caller(A* a) {
a->f();
}
namespace {
struct B {
virtual void f();
};
void B::f() {}
} // namespace
void g() {
B b;
b.f();
}
// MS: @[[B_VTABLE:.*]] = private unnamed_addr constant [2 x i8*] {{.*}}@"\01??_R4B@?A@@6B@"{{.*}}@"\01?f@B@?A@@UEAAXXZ"
// CHECK: %[[VT:.*]] = load void (%struct.A*)**, void (%struct.A*)***
// CHECK: %[[VT2:.*]] = bitcast {{.*}}%[[VT]] to i8*, !nosanitize
// ITANIUM: %[[TEST:.*]] = call i1 @llvm.bitset.test(i8* %[[VT2]], metadata !"_ZTS1A"), !nosanitize
// MS: %[[TEST:.*]] = call i1 @llvm.bitset.test(i8* %[[VT2]], metadata !"?AUA@@"), !nosanitize
// CHECK: br i1 %[[TEST]], label %[[CONT:.*]], label %[[SLOW:.*]], {{.*}} !nosanitize
// CHECK: [[SLOW]]:
// ITANIUM: call void @__cfi_slowpath(i64 7004155349499253778, i8* %[[VT2]]) {{.*}} !nosanitize
// MS: call void @__cfi_slowpath(i64 -8005289897957287421, i8* %[[VT2]]) {{.*}} !nosanitize
// CHECK: br label %[[CONT]], !nosanitize
// CHECK: [[CONT]]:
// CHECK: call void %{{.*}}(%struct.A* %{{.*}})
// No hash-based bit set entry for (anonymous namespace)::B
// ITANIUM-NOT: !{i64 {{.*}}, [3 x i8*]* @_ZTVN12_GLOBAL__N_11BE,
// MS-NOT: !{i64 {{.*}}, [2 x i8*]* @[[B_VTABLE]],

test/Driver/fsanitize.c

Show First 20 LinesShow All 257 Lines▼ Show 20 Lines
// RUN: %clang -target x86_64-apple-darwin10 -mmacosx-version-min=10.7 -flto -fsanitize=cfi-vcall -fno-sanitize-trap=cfi -c %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-CFI-NOTRAP-OLD-MACOS // RUN: %clang -target x86_64-apple-darwin10 -mmacosx-version-min=10.7 -flto -fsanitize=cfi-vcall -fno-sanitize-trap=cfi -c %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-CFI-NOTRAP-OLD-MACOS
// CHECK-CFI-NOTRAP-OLD-MACOS: error: unsupported option '-fno-sanitize-trap=cfi-vcall' for target 'x86_64-apple-darwin10' // CHECK-CFI-NOTRAP-OLD-MACOS: error: unsupported option '-fno-sanitize-trap=cfi-vcall' for target 'x86_64-apple-darwin10'
// RUN: %clang -target x86_64-pc-win32 -flto -fsanitize=cfi-vcall -fno-sanitize-trap=cfi -c %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-CFI-NOTRAP-WIN // RUN: %clang -target x86_64-pc-win32 -flto -fsanitize=cfi-vcall -fno-sanitize-trap=cfi -c %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-CFI-NOTRAP-WIN
// CHECK-CFI-NOTRAP-WIN: -emit-llvm-bc // CHECK-CFI-NOTRAP-WIN: -emit-llvm-bc
// CHECK-CFI-NOTRAP-WIN-NOT: -fsanitize-trap=cfi // CHECK-CFI-NOTRAP-WIN-NOT: -fsanitize-trap=cfi
// RUN: %clang -target x86_64-linux-gnu -fsanitize=cfi -fsanitize-cfi-cross-dso -flto -c %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-CFI-CROSS-DSO
// RUN: %clang -target x86_64-linux-gnu -fsanitize=cfi -flto -c %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-CFI-NO-CROSS-DSO
// RUN: %clang -target x86_64-linux-gnu -fsanitize=cfi -fsanitize-cfi-cross-dso -fno-sanitize-cfi-cross-dso -flto -c %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-CFI-NO-CROSS-DSO
// RUN: %clang -target x86_64-linux-gnu -fsanitize=cfi -fno-sanitize-cfi-cross-dso -fsanitize-cfi-cross-dso -flto -c %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-CFI-CROSS-DSO
// CHECK-CFI-CROSS-DSO: -emit-llvm-bc
// CHECK-CFI-CROSS-DSO: -fsanitize-cfi-cross-dso
// CHECK-CFI-NO-CROSS-DSO: -emit-llvm-bc
// CHECK-CFI-NO-CROSS-DSO-NOT: -fsanitize-cfi-cross-dso
// RUN: %clang_cl -fsanitize=address -c -MDd -### -- %s 2>&1 | FileCheck %s -check-prefix=CHECK-ASAN-DEBUGRTL // RUN: %clang_cl -fsanitize=address -c -MDd -### -- %s 2>&1 | FileCheck %s -check-prefix=CHECK-ASAN-DEBUGRTL
// RUN: %clang_cl -fsanitize=address -c -MTd -### -- %s 2>&1 | FileCheck %s -check-prefix=CHECK-ASAN-DEBUGRTL // RUN: %clang_cl -fsanitize=address -c -MTd -### -- %s 2>&1 | FileCheck %s -check-prefix=CHECK-ASAN-DEBUGRTL
// RUN: %clang_cl -fsanitize=address -c -LDd -### -- %s 2>&1 | FileCheck %s -check-prefix=CHECK-ASAN-DEBUGRTL // RUN: %clang_cl -fsanitize=address -c -LDd -### -- %s 2>&1 | FileCheck %s -check-prefix=CHECK-ASAN-DEBUGRTL
// RUN: %clang_cl -fsanitize=address -c -MD -MDd -### -- %s 2>&1 | FileCheck %s -check-prefix=CHECK-ASAN-DEBUGRTL // RUN: %clang_cl -fsanitize=address -c -MD -MDd -### -- %s 2>&1 | FileCheck %s -check-prefix=CHECK-ASAN-DEBUGRTL
// RUN: %clang_cl -fsanitize=address -c -MT -MTd -### -- %s 2>&1 | FileCheck %s -check-prefix=CHECK-ASAN-DEBUGRTL // RUN: %clang_cl -fsanitize=address -c -MT -MTd -### -- %s 2>&1 | FileCheck %s -check-prefix=CHECK-ASAN-DEBUGRTL
// RUN: %clang_cl -fsanitize=address -c -LD -LDd -### -- %s 2>&1 | FileCheck %s -check-prefix=CHECK-ASAN-DEBUGRTL // RUN: %clang_cl -fsanitize=address -c -LD -LDd -### -- %s 2>&1 | FileCheck %s -check-prefix=CHECK-ASAN-DEBUGRTL
// CHECK-ASAN-DEBUGRTL: error: invalid argument // CHECK-ASAN-DEBUGRTL: error: invalid argument
// CHECK-ASAN-DEBUGRTL: not allowed with '-fsanitize=address' // CHECK-ASAN-DEBUGRTL: not allowed with '-fsanitize=address'
▲ Show 20 LinesShow All 44 LinesShow Last 20 Lines

test/Driver/sanitizer-ld.c

Show First 20 LinesShow All 285 Lines▼ Show 20 Lines
// RUN: -target x86_64-unknown-linux \ // RUN: -target x86_64-unknown-linux \
// RUN: --sysroot=%S/Inputs/basic_linux_tree \ // RUN: --sysroot=%S/Inputs/basic_linux_tree \
// RUN: | FileCheck --check-prefix=CHECK-LSAN-ASAN-LINUX %s // RUN: | FileCheck --check-prefix=CHECK-LSAN-ASAN-LINUX %s
// CHECK-LSAN-ASAN-LINUX: "{{.*}}ld{{(.exe)?}}" // CHECK-LSAN-ASAN-LINUX: "{{.*}}ld{{(.exe)?}}"
// CHECK-LSAN-ASAN-LINUX-NOT: libclang_rt.lsan // CHECK-LSAN-ASAN-LINUX-NOT: libclang_rt.lsan
// CHECK-LSAN-ASAN-LINUX: libclang_rt.asan-x86_64 // CHECK-LSAN-ASAN-LINUX: libclang_rt.asan-x86_64
// CHECK-LSAN-ASAN-LINUX-NOT: libclang_rt.lsan // CHECK-LSAN-ASAN-LINUX-NOT: libclang_rt.lsan
// CFI by itself does not link runtime libraries.
// RUN: %clang -fsanitize=cfi %s -### -o %t.o 2>&1 \
// RUN: -target x86_64-unknown-linux \
// RUN: --sysroot=%S/Inputs/basic_linux_tree \
// RUN: | FileCheck --check-prefix=CHECK-CFI-LINUX %s
// CHECK-CFI-LINUX: "{{.*}}ld{{(.exe)?}}"
// CHECK-CFI-LINUX-NOT: libclang_rt.
// CFI with diagnostics links the UBSan runtime.
// RUN: %clang -fsanitize=cfi -fno-sanitize-trap=cfi -fsanitize-recover=cfi \
// RUN: %s -### -o %t.o 2>&1\
// RUN: -target x86_64-unknown-linux \
// RUN: --sysroot=%S/Inputs/basic_linux_tree \
// RUN: | FileCheck --check-prefix=CHECK-CFI-DIAG-LINUX %s
// CHECK-CFI-DIAG-LINUX: "{{.*}}ld{{(.exe)?}}"
// CHECK-CFI-CROSS-DSO-LINUX-NOT: libclang_rt.
// CHECK-CFI-DIAG-LINUX: libclang_rt.ubsan
// CHECK-CFI-CROSS-DSO-LINUX-NOT: libclang_rt.
// Cross-DSO CFI links the CFI runtime.
// RUN: %clang -fsanitize=cfi -fsanitize-cfi-cross-dso %s -### -o %t.o 2>&1 \
// RUN: -target x86_64-unknown-linux \
// RUN: --sysroot=%S/Inputs/basic_linux_tree \
// RUN: | FileCheck --check-prefix=CHECK-CFI-CROSS-DSO-LINUX %s
// CHECK-CFI-CROSS-DSO-LINUX: "{{.*}}ld{{(.exe)?}}"
// CHECK-CFI-CROSS-DSO-LINUX-NOT: libclang_rt.
// CHECK-CFI-CROSS-DSO-LINUX: libclang_rt.cfi
// CHECK-CFI-CROSS-DSO-LINUX-NOT: libclang_rt.
// Cross-DSO CFI with diagnostics links just the CFI runtime.
// RUN: %clang -fsanitize=cfi -fsanitize-cfi-cross-dso %s -### -o %t.o 2>&1 \
// RUN: -fno-sanitize-trap=cfi -fsanitize-recover=cfi \
// RUN: -target x86_64-unknown-linux \
// RUN: --sysroot=%S/Inputs/basic_linux_tree \
// RUN: | FileCheck --check-prefix=CHECK-CFI-CROSS-DSO-DIAG-LINUX %s
// CHECK-CFI-CROSS-DSO-DIAG-LINUX: "{{.*}}ld{{(.exe)?}}"
// CHECK-CFI-CROSS-DSO-DIAG-LINUX-NOT: libclang_rt.
// CHECK-CFI-CROSS-DSO-DIAG-LINUX: libclang_rt.cfi
// CHECK-CFI-CROSS-DSO-DIAG-LINUX-NOT: libclang_rt.
// RUN: %clangxx -fsanitize=address %s -### -o %t.o 2>&1 \ // RUN: %clangxx -fsanitize=address %s -### -o %t.o 2>&1 \
// RUN: -mmacosx-version-min=10.6 \ // RUN: -mmacosx-version-min=10.6 \
// RUN: -target x86_64-apple-darwin13.4.0 \ // RUN: -target x86_64-apple-darwin13.4.0 \
// RUN: --sysroot=%S/Inputs/basic_linux_tree \ // RUN: --sysroot=%S/Inputs/basic_linux_tree \
// RUN: | FileCheck --check-prefix=CHECK-ASAN-DARWIN106-CXX %s // RUN: | FileCheck --check-prefix=CHECK-ASAN-DARWIN106-CXX %s
// CHECK-ASAN-DARWIN106-CXX: "{{.*}}ld{{(.exe)?}}" // CHECK-ASAN-DARWIN106-CXX: "{{.*}}ld{{(.exe)?}}"
// CHECK-ASAN-DARWIN106-CXX: libclang_rt.asan_osx_dynamic.dylib // CHECK-ASAN-DARWIN106-CXX: libclang_rt.asan_osx_dynamic.dylib
// CHECK-ASAN-DARWIN106-CXX-NOT: -lc++abi // CHECK-ASAN-DARWIN106-CXX-NOT: -lc++abi
▲ Show 20 LinesShow All 56 LinesShow Last 20 Lines