This is an archive of the discontinued LLVM Phabricator instance.

Paths

Table of Contentst

-
cfe/trunk/
-
trunk/
-
lib/CodeGen/
-
CodeGen/
-
CGExprCXX.cpp
-
test/CodeGenCXX/
-
CodeGenCXX/
-
typeid-should-throw.cpp

Differential D4416

CodeGen: Properly null-check typeid expressions
ClosedPublic

Authored by majnemer on Jul 8 2014, 12:59 AM.

Download Raw Diff

Details

Reviewers

rsmith

Commits

rG4fbb1b9f9861: CodeGen: Properly null-check typeid expressions
rC213401: CodeGen: Properly null-check typeid expressions
rL213401: CodeGen: Properly null-check typeid expressions

Summary

Thoroughly check for a pointer dereference which yields a glvalue. Look
through casts, comma operators, conditional operators, paren
expressions, etc.

Diff Detail

Repository: rL LLVM

Event Timeline

majnemer updated this revision to Diff 11143.Jul 8 2014, 12:59 AM

majnemer retitled this revision from to CodeGen: Properly null-check typeid expressions.

majnemer updated this object.

majnemer added a reviewer: rsmith.

majnemer added a subscriber: Unknown Object (MLST).

rsmith added inline comments.Jul 13 2014, 4:53 PM

lib/CodeGen/CGExprCXX.cpp
1618 ↗	(On Diff #11143)	This doesn't handle ((T)nullptr)[0] Its semantics are defined in terms of a desugaring to ((T*)nullptr + 0) ... so I suppose we should probably handle it here, but it's not entirely clear.
1619 ↗	(On Diff #11143)	I think this will insert a null check for T p; typeid( (const T&)(T)p ) ... which doesn't seem strictly necessary (though superfluous null checks here seem pretty harmless).

Address Richard's comments.

majnemer added inline comments.Jul 14 2014, 9:47 AM

lib/CodeGen/CGExprCXX.cpp
1618 ↗	(On Diff #11143)	I've updated `isGLValueFromPointerDeref` to handle this.
1619 ↗	(On Diff #11143)	I can live with inserting an extra null check here.

Address Richard's comments.

rsmith added inline comments.Jul 15 2014, 4:39 PM

lib/CodeGen/CGExprCXX.cpp
1622 ↗	(On Diff #11471)	Maybe add a test for the xvalue case; something like `typeid((T&&)(T)nullptr)` ?
1636 ↗	(On Diff #11471)	How could this not be the case? Also, you have no test coverage for binary conditionals.
1660 ↗	(On Diff #11471)	Maybe extend this to say that it's not clear what this means, but we use the most generous interpretation.

Closed by commit rL213401 (authored by @majnemer).

lib/CodeGen/CGExprCXX.cpp
1622 ↗	(On Diff #11471)	Done.
1636 ↗	(On Diff #11471)	A test has been added, this code has been merged with the `ConditionalOperator` case above.
1660 ↗	(On Diff #11471)	Done.

Revision Contents

Path

Size

cfe/

trunk/

lib/

CodeGen/

CGExprCXX.cpp

31 lines

test/

CodeGenCXX/

typeid-should-throw.cpp

44 lines

Diff 11667

cfe/trunk/lib/CodeGen/CGExprCXX.cpp

Show First 20 Lines • Show All 1,609 Lines • ▼ Show 20 Lines	void CodeGenFunction::EmitCXXDeleteExpr(const CXXDeleteExpr *E) {
} else {		} else {
EmitObjectDelete(*this, E->getOperatorDelete(), Ptr, DeleteTy,		EmitObjectDelete(*this, E->getOperatorDelete(), Ptr, DeleteTy,
E->isGlobalDelete());		E->isGlobalDelete());
}		}

EmitBlock(DeleteEnd);		EmitBlock(DeleteEnd);
}		}

		static bool isGLValueFromPointerDeref(const Expr *E) {
		E = E->IgnoreParenCasts();

		if (const auto *UO = dyn_cast<UnaryOperator>(E))
		if (UO->getOpcode() == UO_Deref)
		return true;

		if (const auto *BO = dyn_cast<BinaryOperator>(E))
		if (BO->getOpcode() == BO_Comma)
		return isGLValueFromPointerDeref(BO->getRHS());

		if (const auto *CO = dyn_cast<ConditionalOperator>(E))
		return isGLValueFromPointerDeref(CO->getTrueExpr()) \|\|
		isGLValueFromPointerDeref(CO->getFalseExpr());

		if (const auto *BCO = dyn_cast<BinaryConditionalOperator>(E))
		if (const auto *OVE = dyn_cast<OpaqueValueExpr>(BCO->getTrueExpr()))
		return isGLValueFromPointerDeref(OVE->getSourceExpr()) \|\|
		isGLValueFromPointerDeref(BCO->getFalseExpr());

		return false;
		}

static llvm::Value EmitTypeidFromVTable(CodeGenFunction &CGF, const Expr E,		static llvm::Value EmitTypeidFromVTable(CodeGenFunction &CGF, const Expr E,
llvm::Type *StdTypeInfoPtrTy) {		llvm::Type *StdTypeInfoPtrTy) {
// Get the vtable pointer.		// Get the vtable pointer.
llvm::Value *ThisPtr = CGF.EmitLValue(E).getAddress();		llvm::Value *ThisPtr = CGF.EmitLValue(E).getAddress();

// C++ [expr.typeid]p2:		// C++ [expr.typeid]p2:
// If the glvalue expression is obtained by applying the unary * operator to		// If the glvalue expression is obtained by applying the unary * operator to
// a pointer and the pointer is a null pointer value, the typeid expression		// a pointer and the pointer is a null pointer value, the typeid expression
// throws the std::bad_typeid exception.		// throws the std::bad_typeid exception.
bool IsDeref = false;
if (const UnaryOperator *UO = dyn_cast<UnaryOperator>(E->IgnoreParens()))
if (UO->getOpcode() == UO_Deref)
IsDeref = true;

QualType SrcRecordTy = E->getType();		QualType SrcRecordTy = E->getType();
if (CGF.CGM.getCXXABI().shouldTypeidBeNullChecked(IsDeref, SrcRecordTy)) {		if (CGF.CGM.getCXXABI().shouldTypeidBeNullChecked(
		isGLValueFromPointerDeref(E), SrcRecordTy)) {
llvm::BasicBlock *BadTypeidBlock =		llvm::BasicBlock *BadTypeidBlock =
CGF.createBasicBlock("typeid.bad_typeid");		CGF.createBasicBlock("typeid.bad_typeid");
llvm::BasicBlock *EndBlock = CGF.createBasicBlock("typeid.end");		llvm::BasicBlock *EndBlock = CGF.createBasicBlock("typeid.end");

llvm::Value *IsNull = CGF.Builder.CreateIsNull(ThisPtr);		llvm::Value *IsNull = CGF.Builder.CreateIsNull(ThisPtr);
CGF.Builder.CreateCondBr(IsNull, BadTypeidBlock, EndBlock);		CGF.Builder.CreateCondBr(IsNull, BadTypeidBlock, EndBlock);

CGF.EmitBlock(BadTypeidBlock);		CGF.EmitBlock(BadTypeidBlock);
▲ Show 20 Lines • Show All 145 Lines • Show Last 20 Lines

cfe/trunk/test/CodeGenCXX/typeid-should-throw.cpp

				// RUN: %clang_cc1 %s -triple %itanium_abi_triple -Wno-unused-value -emit-llvm -o - \| FileCheck %s
				namespace std {
				struct type_info;
				}

				struct A {
				virtual ~A();
				};
				struct B : A {};

				void f1(A x) { typeid(false, x); }
				// CHECK-LABEL: define void @_Z2f1P1A
				// CHECK: icmp eq {{.*}}, null
				// CHECK-NEXT: br i1

				void f2(bool b, A x, A y) { typeid(b ? x : y); }
				// CHECK-LABEL: define void @_Z2f2bP1AS0_
				// CHECK: icmp eq {{.*}}, null
				// CHECK-NEXT: br i1

				void f3(bool b, A x, A &y) { typeid(b ? x : y); }
				// CHECK-LABEL: define void @_Z2f3bP1ARS_
				// CHECK: icmp eq {{.*}}, null
				// CHECK-NEXT: br i1

				void f4(bool b, A &x, A y) { typeid(b ? x : y); }
				// CHECK-LABEL: define void @_Z2f4bR1APS_
				// CHECK: icmp eq {{.*}}, null
				// CHECK-NEXT: br i1

				void f5(volatile A x) { typeid(x); }
				// CHECK-LABEL: define void @_Z2f5PV1A
				// CHECK: icmp eq {{.*}}, null
				// CHECK-NEXT: br i1

				void f6(A x) { typeid((B &)(B *)x); }
				// CHECK-LABEL: define void @_Z2f6P1A
				// CHECK: icmp eq {{.*}}, null
				// CHECK-NEXT: br i1

				void f7(A x) { typeid((x)); }
				// CHECK-LABEL: define void @_Z2f7P1A
				// CHECK: icmp eq {{.*}}, null
				// CHECK-NEXT: br i1