This is an archive of the discontinued LLVM Phabricator instance.

Differential D10520

CFI: Implement bitset emission for the Microsoft ABI.
ClosedPublic

Authored by pcc on Jun 17 2015, 4:03 PM.

Details

Reviewers
majnemer
rnk
Commits
rGd954601f6364: CFI: Implement bitset emission for the Microsoft ABI.
rC240117: CFI: Implement bitset emission for the Microsoft ABI.
rL240117: CFI: Implement bitset emission for the Microsoft ABI.
Summary

Clang's control flow integrity implementation works by conceptually attaching
"tags" (in the form of bitset entries) to each virtual table, identifying
the names of the classes that the virtual table is compatible with. Under
the Itanium ABI, it is simple to assign tags to virtual tables; they are
simply the address points, which are available via VTableLayout. Because any
overridden methods receive an entry in the derived class's virtual table,
a check for an overridden method call can always be done by checking the
tag of whichever derived class overrode the method call.

The Microsoft ABI is a little different, as it does not directly use address
points, and overrides in a derived class do not cause new virtual table entries
to be added to the derived class; instead, the slot in the base class is
reused, and the compiler needs to adjust the this pointer at the call site
to (generally) the base class that initially defined the method. After the
this pointer has been adjusted, we cannot check for the derived class's tag,
as the virtual table may not be compatible with the derived class. So we
need to determine which base class we have been adjusted to.

Specifically, at each call site, we use ASTRecordLayout to identify the most
derived class whose virtual table is laid out at the "this" pointer offset
we are using to make the call, and check the virtual table for that tag.

Because address point information is unavailable, we "reconstruct" it as
follows: any virtual tables we create for a non-derived class receive a tag
for that class, and virtual tables for a base class inside a derived class
receive a tag for the base class, together with tags for any derived classes
which are laid out at the same position as the derived class (and therefore
have compatible virtual tables).

Diff Detail

Repository
rL LLVM

Event Timeline

pcc updated this revision to Diff 27887.Jun 17 2015, 4:03 PM
pcc retitled this revision from to CFI: Implement bitset emission for the Microsoft ABI..
pcc updated this object.
pcc edited the test plan for this revision. (Show Details)
pcc added a reviewer: majnemer.
pcc added subscribers: rnk, Unknown Object (MLST).
rnk accepted this revision.Jun 18 2015, 10:06 AM
rnk added a reviewer: rnk.

Looks good

lib/AST/MicrosoftMangle.cpp
2765 ↗(On Diff #27887)

What about NoLinkage, which I believe applies to types declared in functions? This check appears equivalent to !RD->isExternallyVisible(), which I think is probably what you want.

This is the test case I'm imagining:
foo.h:

struct A { virtual int f(); };
void use_a(A&);

a.cpp:

static void f() { struct B : A { virtual int f() { return 1; } } b; use_a(b); }

b.cpp:

static void f() { struct B : A { virtual int f() { return 2; } } b; use_a(b); }

It seems like you'd need two distinct tags for B, right?

lib/CodeGen/MicrosoftCXXABI.cpp
1701–1705 ↗(On Diff #27887)

Sigh. I wish we didn't have to do this. We should be able to provide the record decl that originally established the vftable slot in the method location, but it's not easy and requires a good understanding of the MS vftable code, which is pretty opaque. So let's do this for now.

I guess your algorithm also computes something subtly different. In this example, you'll get B when calling f:

struct A { virtual void f(); };
struct B : A { virtual void g(); };

Whereas I would think of it as being the vftable introduced by A.

This revision is now accepted and ready to land.Jun 18 2015, 10:06 AM
Closed by commit rL240117: CFI: Implement bitset emission for the Microsoft ABI. (authored by pcc). · Explain WhyJun 18 2015, 7:35 PM
This revision was automatically updated to reflect the committed changes.
pcc added inline comments.Jun 18 2015, 7:37 PM
lib/AST/MicrosoftMangle.cpp
2765 ↗(On Diff #27887)

Good catch. !RD->isExternallyVisible() does seem like the correct test. The Itanium implementation had the same problem; I've fixed that as well and added a test for both.

lib/CodeGen/MicrosoftCXXABI.cpp
1701–1705 ↗(On Diff #27887)

Right, but I believe that we semantically analyse this as an implicit derived-to-base conversion followed by a call, so we do end up getting A in the end. (Ideally we probably do want to use the most-derived class to improve the precision of the check. See also the XFAILed test case compiler-rt/test/cfi/sibling.cpp.)

Revision Contents

PathSize
cfe/
trunk/
lib/
AST/
3 lines
12 lines
CodeGen/
104 lines
test/
CodeGenCXX/
112 lines

Diff 27991

cfe/trunk/lib/AST/ItaniumMangle.cpp

Show First 20 LinesShow All 4,060 Lines▼ Show 20 Lines
} }
void ItaniumMangleContextImpl::mangleTypeName(QualType Ty, raw_ostream &Out) { void ItaniumMangleContextImpl::mangleTypeName(QualType Ty, raw_ostream &Out) {
mangleCXXRTTIName(Ty, Out); mangleCXXRTTIName(Ty, Out);
} }
void ItaniumMangleContextImpl::mangleCXXVTableBitSet(const CXXRecordDecl *RD, void ItaniumMangleContextImpl::mangleCXXVTableBitSet(const CXXRecordDecl *RD,
raw_ostream &Out) { raw_ostream &Out) {
Linkage L = RD->getLinkageInternal(); if (!RD->isExternallyVisible()) {
if (L == InternalLinkage || L == UniqueExternalLinkage) {
// This part of the identifier needs to be unique across all translation // This part of the identifier needs to be unique across all translation
// units in the linked program. The scheme fails if multiple translation // units in the linked program. The scheme fails if multiple translation
// units are compiled using the same relative source file path, or if // units are compiled using the same relative source file path, or if
// multiple translation units are built from the same source file. // multiple translation units are built from the same source file.
SourceManager &SM = getASTContext().getSourceManager(); SourceManager &SM = getASTContext().getSourceManager();
Out << "[" << SM.getFileEntryForID(SM.getMainFileID())->getName() << "]"; Out << "[" << SM.getFileEntryForID(SM.getMainFileID())->getName() << "]";
} }
Show All 13 Lines

cfe/trunk/lib/AST/MicrosoftMangle.cpp

Show First 20 LinesShow All 2,755 Lines▼ Show 20 Lines for (unsigned NullTerminator = 0; NullTerminator < SL->getCharByteWidth();
++NullTerminator) ++NullTerminator)
MangleByte(0); MangleByte(0);
Mangler.getStream() << '@'; Mangler.getStream() << '@';
} }
void MicrosoftMangleContextImpl::mangleCXXVTableBitSet(const CXXRecordDecl *RD, void MicrosoftMangleContextImpl::mangleCXXVTableBitSet(const CXXRecordDecl *RD,
raw_ostream &Out) { raw_ostream &Out) {
llvm::report_fatal_error("Cannot mangle bitsets yet"); if (!RD->isExternallyVisible()) {
// This part of the identifier needs to be unique across all translation
// units in the linked program. The scheme fails if multiple translation
// units are compiled using the same relative source file path, or if
// multiple translation units are built from the same source file.
SourceManager &SM = getASTContext().getSourceManager();
Out << "[" << SM.getFileEntryForID(SM.getMainFileID())->getName() << "]";
}
MicrosoftCXXNameMangler mangler(*this, Out);
mangler.mangleName(RD);
} }
MicrosoftMangleContext * MicrosoftMangleContext *
MicrosoftMangleContext::create(ASTContext &Context, DiagnosticsEngine &Diags) { MicrosoftMangleContext::create(ASTContext &Context, DiagnosticsEngine &Diags) {
return new MicrosoftMangleContextImpl(Context, Diags); return new MicrosoftMangleContextImpl(Context, Diags);
} }

cfe/trunk/lib/CodeGen/MicrosoftCXXABI.cpp

Show First 20 LinesShow All 199 Lines▼ Show 20 Lines unsigned addImplicitConstructorArgs(CodeGenFunction &CGF,
CXXCtorType Type, bool ForVirtualBase, CXXCtorType Type, bool ForVirtualBase,
bool Delegating, bool Delegating,
CallArgList &Args) override; CallArgList &Args) override;
void EmitDestructorCall(CodeGenFunction &CGF, const CXXDestructorDecl *DD, void EmitDestructorCall(CodeGenFunction &CGF, const CXXDestructorDecl *DD,
CXXDtorType Type, bool ForVirtualBase, CXXDtorType Type, bool ForVirtualBase,
bool Delegating, llvm::Value *This) override; bool Delegating, llvm::Value *This) override;
void emitVTableBitSetEntries(VPtrInfo *Info, const CXXRecordDecl *RD,
llvm::GlobalVariable *VTable);
void emitVTableDefinitions(CodeGenVTables &CGVT, void emitVTableDefinitions(CodeGenVTables &CGVT,
const CXXRecordDecl *RD) override; const CXXRecordDecl *RD) override;
llvm::Value *getVTableAddressPointInStructor( llvm::Value *getVTableAddressPointInStructor(
CodeGenFunction &CGF, const CXXRecordDecl *VTableClass, CodeGenFunction &CGF, const CXXRecordDecl *VTableClass,
BaseSubobject Base, const CXXRecordDecl *NearestVBase, BaseSubobject Base, const CXXRecordDecl *NearestVBase,
bool &NeedsVirtualOffset) override; bool &NeedsVirtualOffset) override;
▲ Show 20 LinesShow All 1,180 Lines▼ Show 20 Linesvoid MicrosoftCXXABI::EmitDestructorCall(CodeGenFunction &CGF,
} }
CGF.EmitCXXStructorCall(DD, Callee, ReturnValueSlot(), This, CGF.EmitCXXStructorCall(DD, Callee, ReturnValueSlot(), This,
/*ImplicitParam=*/nullptr, /*ImplicitParam=*/nullptr,
/*ImplicitParamTy=*/QualType(), nullptr, /*ImplicitParamTy=*/QualType(), nullptr,
getFromDtorType(Type)); getFromDtorType(Type));
} }
void MicrosoftCXXABI::emitVTableBitSetEntries(VPtrInfo *Info,
const CXXRecordDecl *RD,
llvm::GlobalVariable *VTable) {
if (!getContext().getLangOpts().Sanitize.has(SanitizerKind::CFIVCall) &&
!getContext().getLangOpts().Sanitize.has(SanitizerKind::CFINVCall) &&
!getContext().getLangOpts().Sanitize.has(SanitizerKind::CFIDerivedCast) &&
!getContext().getLangOpts().Sanitize.has(SanitizerKind::CFIUnrelatedCast))
return;
llvm::NamedMDNode *BitsetsMD =
CGM.getModule().getOrInsertNamedMetadata("llvm.bitsets");
CharUnits PointerWidth = getContext().toCharUnitsFromBits(
getContext().getTargetInfo().getPointerWidth(0));
// FIXME: Add blacklisting scheme.
if (Info->PathToBaseWithVPtr.empty()) {
BitsetsMD->addOperand(
CGM.CreateVTableBitSetEntry(VTable, PointerWidth, RD));
return;
}
// Add a bitset entry for the least derived base belonging to this vftable.
BitsetsMD->addOperand(CGM.CreateVTableBitSetEntry(
VTable, PointerWidth, Info->PathToBaseWithVPtr.back()));
// Add a bitset entry for each derived class that is laid out at the same
// offset as the least derived base.
for (unsigned I = Info->PathToBaseWithVPtr.size() - 1; I != 0; --I) {
const CXXRecordDecl *DerivedRD = Info->PathToBaseWithVPtr[I - 1];
const CXXRecordDecl *BaseRD = Info->PathToBaseWithVPtr[I];
const ASTRecordLayout &Layout =
getContext().getASTRecordLayout(DerivedRD);
CharUnits Offset;
auto VBI = Layout.getVBaseOffsetsMap().find(BaseRD);
if (VBI == Layout.getVBaseOffsetsMap().end())
Offset = Layout.getBaseClassOffset(BaseRD);
else
Offset = VBI->second.VBaseOffset;
if (!Offset.isZero())
return;
BitsetsMD->addOperand(
CGM.CreateVTableBitSetEntry(VTable, PointerWidth, DerivedRD));
}
// Finally do the same for the most derived class.
if (Info->FullOffsetInMDC.isZero())
BitsetsMD->addOperand(
CGM.CreateVTableBitSetEntry(VTable, PointerWidth, RD));
}
void MicrosoftCXXABI::emitVTableDefinitions(CodeGenVTables &CGVT, void MicrosoftCXXABI::emitVTableDefinitions(CodeGenVTables &CGVT,
const CXXRecordDecl *RD) { const CXXRecordDecl *RD) {
MicrosoftVTableContext &VFTContext = CGM.getMicrosoftVTableContext(); MicrosoftVTableContext &VFTContext = CGM.getMicrosoftVTableContext();
const VPtrInfoVector &VFPtrs = VFTContext.getVFPtrOffsets(RD); const VPtrInfoVector &VFPtrs = VFTContext.getVFPtrOffsets(RD);
for (VPtrInfo *Info : VFPtrs) { for (VPtrInfo *Info : VFPtrs) {
llvm::GlobalVariable *VTable = getAddrOfVTable(RD, Info->FullOffsetInMDC); llvm::GlobalVariable *VTable = getAddrOfVTable(RD, Info->FullOffsetInMDC);
if (VTable->hasInitializer()) if (VTable->hasInitializer())
continue; continue;
llvm::Constant *RTTI = getContext().getLangOpts().RTTIData llvm::Constant *RTTI = getContext().getLangOpts().RTTIData
? getMSCompleteObjectLocator(RD, Info) ? getMSCompleteObjectLocator(RD, Info)
: nullptr; : nullptr;
const VTableLayout &VTLayout = const VTableLayout &VTLayout =
VFTContext.getVFTableLayout(RD, Info->FullOffsetInMDC); VFTContext.getVFTableLayout(RD, Info->FullOffsetInMDC);
llvm::Constant *Init = CGVT.CreateVTableInitializer( llvm::Constant *Init = CGVT.CreateVTableInitializer(
RD, VTLayout.vtable_component_begin(), RD, VTLayout.vtable_component_begin(),
VTLayout.getNumVTableComponents(), VTLayout.vtable_thunk_begin(), VTLayout.getNumVTableComponents(), VTLayout.vtable_thunk_begin(),
VTLayout.getNumVTableThunks(), RTTI); VTLayout.getNumVTableThunks(), RTTI);
VTable->setInitializer(Init); VTable->setInitializer(Init);
emitVTableBitSetEntries(Info, RD, VTable);
} }
} }
llvm::Value *MicrosoftCXXABI::getVTableAddressPointInStructor( llvm::Value *MicrosoftCXXABI::getVTableAddressPointInStructor(
CodeGenFunction &CGF, const CXXRecordDecl *VTableClass, BaseSubobject Base, CodeGenFunction &CGF, const CXXRecordDecl *VTableClass, BaseSubobject Base,
const CXXRecordDecl *NearestVBase, bool &NeedsVirtualOffset) { const CXXRecordDecl *NearestVBase, bool &NeedsVirtualOffset) {
NeedsVirtualOffset = (NearestVBase != nullptr); NeedsVirtualOffset = (NearestVBase != nullptr);
▲ Show 20 LinesShow All 146 Lines▼ Show 20 Lines if (RD->hasAttr<DLLImportAttr>())
VFTable->setDLLStorageClass(llvm::GlobalValue::DLLImportStorageClass); VFTable->setDLLStorageClass(llvm::GlobalValue::DLLImportStorageClass);
else if (RD->hasAttr<DLLExportAttr>()) else if (RD->hasAttr<DLLExportAttr>())
VFTable->setDLLStorageClass(llvm::GlobalValue::DLLExportStorageClass); VFTable->setDLLStorageClass(llvm::GlobalValue::DLLExportStorageClass);
VFTablesMap[ID] = VFTable; VFTablesMap[ID] = VFTable;
return VTable; return VTable;
} }
// Compute the identity of the most derived class whose virtual table is located
// at the given offset into RD.
static const CXXRecordDecl *getClassAtVTableLocation(ASTContext &Ctx,
const CXXRecordDecl *RD,
CharUnits Offset) {
if (Offset.isZero())
return RD;
const ASTRecordLayout &Layout = Ctx.getASTRecordLayout(RD);
const CXXRecordDecl *MaxBase = nullptr;
CharUnits MaxBaseOffset;
for (auto &&B : RD->bases()) {
const CXXRecordDecl *Base = B.getType()->getAsCXXRecordDecl();
CharUnits BaseOffset = Layout.getBaseClassOffset(Base);
if (BaseOffset <= Offset && BaseOffset > MaxBaseOffset) {
MaxBase = Base;
MaxBaseOffset = BaseOffset;
}
}
for (auto &&B : RD->vbases()) {
const CXXRecordDecl *Base = B.getType()->getAsCXXRecordDecl();
CharUnits BaseOffset = Layout.getVBaseClassOffset(Base);
if (BaseOffset <= Offset && BaseOffset > MaxBaseOffset) {
MaxBase = Base;
MaxBaseOffset = BaseOffset;
}
}
assert(MaxBase);
return getClassAtVTableLocation(Ctx, MaxBase, Offset - MaxBaseOffset);
}
// Compute the identity of the most derived class whose virtual table is located
// at the MethodVFTableLocation ML.
static const CXXRecordDecl *
getClassAtVTableLocation(ASTContext &Ctx, GlobalDecl GD,
MicrosoftVTableContext::MethodVFTableLocation &ML) {
const CXXRecordDecl *RD = ML.VBase;
if (!RD)
RD = cast<CXXMethodDecl>(GD.getDecl())->getParent();
return getClassAtVTableLocation(Ctx, RD, ML.VFPtrOffset);
}
llvm::Value *MicrosoftCXXABI::getVirtualFunctionPointer(CodeGenFunction &CGF, llvm::Value *MicrosoftCXXABI::getVirtualFunctionPointer(CodeGenFunction &CGF,
GlobalDecl GD, GlobalDecl GD,
llvm::Value *This, llvm::Value *This,
llvm::Type *Ty, llvm::Type *Ty,
SourceLocation Loc) { SourceLocation Loc) {
GD = GD.getCanonicalDecl(); GD = GD.getCanonicalDecl();
CGBuilderTy &Builder = CGF.Builder; CGBuilderTy &Builder = CGF.Builder;
Ty = Ty->getPointerTo()->getPointerTo(); Ty = Ty->getPointerTo()->getPointerTo();
llvm::Value *VPtr = llvm::Value *VPtr =
adjustThisArgumentForVirtualFunctionCall(CGF, GD, This, true); adjustThisArgumentForVirtualFunctionCall(CGF, GD, This, true);
llvm::Value *VTable = CGF.GetVTablePtr(VPtr, Ty); llvm::Value *VTable = CGF.GetVTablePtr(VPtr, Ty);
MicrosoftVTableContext::MethodVFTableLocation ML = MicrosoftVTableContext::MethodVFTableLocation ML =
CGM.getMicrosoftVTableContext().getMethodVFTableLocation(GD); CGM.getMicrosoftVTableContext().getMethodVFTableLocation(GD);
if (CGF.SanOpts.has(SanitizerKind::CFIVCall))
CGF.EmitVTablePtrCheck(getClassAtVTableLocation(getContext(), GD, ML),
VTable, CodeGenFunction::CFITCK_VCall, Loc);
llvm::Value *VFuncPtr = llvm::Value *VFuncPtr =
Builder.CreateConstInBoundsGEP1_64(VTable, ML.Index, "vfn"); Builder.CreateConstInBoundsGEP1_64(VTable, ML.Index, "vfn");
return Builder.CreateLoad(VFuncPtr); return Builder.CreateLoad(VFuncPtr);
} }
llvm::Value *MicrosoftCXXABI::EmitVirtualDestructorCall( llvm::Value *MicrosoftCXXABI::EmitVirtualDestructorCall(
CodeGenFunction &CGF, const CXXDestructorDecl *Dtor, CXXDtorType DtorType, CodeGenFunction &CGF, const CXXDestructorDecl *Dtor, CXXDtorType DtorType,
llvm::Value *This, const CXXMemberCallExpr *CE) { llvm::Value *This, const CXXMemberCallExpr *CE) {
▲ Show 20 LinesShow All 2,252 LinesShow Last 20 Lines

cfe/trunk/test/CodeGenCXX/cfi-vcall.cpp

// RUN: %clang_cc1 -triple x86_64-unknown-linux -fsanitize=cfi-vcall -fsanitize-trap=cfi-vcall -emit-llvm -o - %s | FileCheck --check-prefix=CHECK --check-prefix=NDIAG %s // RUN: %clang_cc1 -triple x86_64-unknown-linux -fsanitize=cfi-vcall -fsanitize-trap=cfi-vcall -emit-llvm -o - %s | FileCheck --check-prefix=CHECK --check-prefix=ITANIUM --check-prefix=NDIAG %s
// RUN: %clang_cc1 -triple x86_64-unknown-linux -fsanitize=cfi-vcall -emit-llvm -o - %s | FileCheck --check-prefix=CHECK --check-prefix=DIAG --check-prefix=DIAG-ABORT %s // RUN: %clang_cc1 -triple x86_64-unknown-linux -fsanitize=cfi-vcall -emit-llvm -o - %s | FileCheck --check-prefix=CHECK --check-prefix=ITANIUM --check-prefix=DIAG --check-prefix=DIAG-ABORT %s
// RUN: %clang_cc1 -triple x86_64-unknown-linux -fsanitize=cfi-vcall -fsanitize-recover=cfi-vcall -emit-llvm -o - %s | FileCheck --check-prefix=CHECK --check-prefix=DIAG --check-prefix=DIAG-RECOVER %s // RUN: %clang_cc1 -triple x86_64-unknown-linux -fsanitize=cfi-vcall -fsanitize-recover=cfi-vcall -emit-llvm -o - %s | FileCheck --check-prefix=CHECK --check-prefix=ITANIUM --check-prefix=DIAG --check-prefix=DIAG-RECOVER %s
// RUN: %clang_cc1 -triple x86_64-pc-windows-msvc -fsanitize=cfi-vcall -fsanitize-trap=cfi-vcall -emit-llvm -o - %s | FileCheck --check-prefix=CHECK --check-prefix=MS --check-prefix=NDIAG %s
// MS: @[[VTA:[0-9]*]] {{.*}} comdat($"\01??_7A@@6B@")
// MS: @[[VTB:[0-9]*]] {{.*}} comdat($"\01??_7B@@6B0@@")
// MS: @[[VTAinB:[0-9]*]] {{.*}} comdat($"\01??_7B@@6BA@@@")
// MS: @[[VTAinC:[0-9]*]] {{.*}} comdat($"\01??_7C@@6B@")
// MS: @[[VTBinD:[0-9]*]] {{.*}} comdat($"\01??_7D@?A@@6BB@@@")
// MS: @[[VTAinBinD:[0-9]*]] {{.*}} comdat($"\01??_7D@?A@@6BA@@@")
// MS: @[[VTFA:[0-9]*]] {{.*}} comdat($"\01??_7FA@?1??foo@@YAXXZ@6B@")
struct A { struct A {
A(); A();
virtual void f(); virtual void f();
}; };
struct B : virtual A { struct B : virtual A {
B(); B();
virtual void g();
virtual void h();
}; };
struct C : virtual A { struct C : virtual A {
C(); C();
}; };
namespace { namespace {
struct D : B, C { struct D : B, C {
D(); D();
virtual void f(); virtual void f();
virtual void h();
}; };
} }
A::A() {} A::A() {}
B::B() {} B::B() {}
C::C() {} C::C() {}
D::D() {} D::D() {}
void A::f() { void A::f() {
} }
void B::g() {
}
void D::f() { void D::f() {
} }
void D::h() {
}
// DIAG: @[[SRC:.*]] = private unnamed_addr constant [{{.*}} x i8] c"{{.*}}cfi-vcall.cpp\00", align 1 // DIAG: @[[SRC:.*]] = private unnamed_addr constant [{{.*}} x i8] c"{{.*}}cfi-vcall.cpp\00", align 1
// DIAG: @[[TYPE:.*]] = private unnamed_addr constant { i16, i16, [4 x i8] } { i16 -1, i16 0, [4 x i8] c"'A'\00" } // DIAG: @[[TYPE:.*]] = private unnamed_addr constant { i16, i16, [4 x i8] } { i16 -1, i16 0, [4 x i8] c"'A'\00" }
// DIAG: @[[BADTYPESTATIC:.*]] = private unnamed_addr global { { [{{.*}} x i8]*, i32, i32 }, { i16, i16, [4 x i8] }*, i8 } { { [{{.*}} x i8]*, i32, i32 } { [{{.*}} x i8]* @[[SRC]], i32 58, i32 3 }, { i16, i16, [4 x i8] }* @[[TYPE]], i8 0 } // DIAG: @[[BADTYPESTATIC:.*]] = private unnamed_addr global { { [{{.*}} x i8]*, i32, i32 }, { i16, i16, [4 x i8] }*, i8 } { { [{{.*}} x i8]*, i32, i32 } { [{{.*}} x i8]* @[[SRC]], i32 [[@LINE+21]], i32 3 }, { i16, i16, [4 x i8] }* @[[TYPE]], i8 0 }
// CHECK: define void @_Z2afP1A // ITANIUM: define void @_Z2afP1A
// MS: define void @"\01?af@@YAXPEAUA@@@Z"
void af(A *a) { void af(A *a) {
// CHECK: [[P:%[^ ]*]] = call i1 @llvm.bitset.test(i8* [[VT:%[^ ]*]], metadata !"1A") // ITANIUM: [[P:%[^ ]*]] = call i1 @llvm.bitset.test(i8* [[VT:%[^ ]*]], metadata !"1A")
// MS: [[P:%[^ ]*]] = call i1 @llvm.bitset.test(i8* [[VT:%[^ ]*]], metadata !"A@@")
// CHECK-NEXT: br i1 [[P]], label %[[CONTBB:[^ ,]*]], label %[[TRAPBB:[^ ,]*]] // CHECK-NEXT: br i1 [[P]], label %[[CONTBB:[^ ,]*]], label %[[TRAPBB:[^ ,]*]]
// CHECK-NEXT: {{^$}}
// CHECK: [[TRAPBB]] // CHECK: [[TRAPBB]]
// NDIAG-NEXT: call void @llvm.trap() // NDIAG-NEXT: call void @llvm.trap()
// NDIAG-NEXT: unreachable // NDIAG-NEXT: unreachable
// DIAG-NEXT: [[VTINT:%[^ ]*]] = ptrtoint i8* [[VT]] to i64 // DIAG-NEXT: [[VTINT:%[^ ]*]] = ptrtoint i8* [[VT]] to i64
// DIAG-ABORT-NEXT: call void @__ubsan_handle_cfi_bad_type_abort(i8* bitcast ({{.*}} @[[BADTYPESTATIC]] to i8*), i64 [[VTINT]]) // DIAG-ABORT-NEXT: call void @__ubsan_handle_cfi_bad_type_abort(i8* bitcast ({{.*}} @[[BADTYPESTATIC]] to i8*), i64 [[VTINT]])
// DIAG-ABORT-NEXT: unreachable // DIAG-ABORT-NEXT: unreachable
// DIAG-RECOVER-NEXT: call void @__ubsan_handle_cfi_bad_type(i8* bitcast ({{.*}} @[[BADTYPESTATIC]] to i8*), i64 [[VTINT]]) // DIAG-RECOVER-NEXT: call void @__ubsan_handle_cfi_bad_type(i8* bitcast ({{.*}} @[[BADTYPESTATIC]] to i8*), i64 [[VTINT]])
// DIAG-RECOVER-NEXT: br label %[[CONTBB]] // DIAG-RECOVER-NEXT: br label %[[CONTBB]]
// CHECK: [[CONTBB]] // CHECK: [[CONTBB]]
// CHECK: call void % // CHECK: call void %
a->f(); a->f();
} }
// CHECK: define internal void @_Z3df1PN12_GLOBAL__N_11DE // ITANIUM: define internal void @_Z3df1PN12_GLOBAL__N_11DE
// MS: define internal void @"\01?df1@@YAXPEAUD@?A@@@Z"
void df1(D *d) { void df1(D *d) {
// CHECK: {{%[^ ]*}} = call i1 @llvm.bitset.test(i8* {{%[^ ]*}}, metadata !"[{{.*}}cfi-vcall.cpp]N12_GLOBAL__N_11DE") // ITANIUM: {{%[^ ]*}} = call i1 @llvm.bitset.test(i8* {{%[^ ]*}}, metadata !"[{{.*}}cfi-vcall.cpp]N12_GLOBAL__N_11DE")
// MS: {{%[^ ]*}} = call i1 @llvm.bitset.test(i8* {{%[^ ]*}}, metadata !"A@@")
d->f(); d->f();
} }
// CHECK: define internal void @_Z3df2PN12_GLOBAL__N_11DE // ITANIUM: define internal void @_Z3dg1PN12_GLOBAL__N_11DE
// MS: define internal void @"\01?dg1@@YAXPEAUD@?A@@@Z"
void dg1(D *d) {
// ITANIUM: {{%[^ ]*}} = call i1 @llvm.bitset.test(i8* {{%[^ ]*}}, metadata !"1B")
// MS: {{%[^ ]*}} = call i1 @llvm.bitset.test(i8* {{%[^ ]*}}, metadata !"B@@")
d->g();
}
// ITANIUM: define internal void @_Z3dh1PN12_GLOBAL__N_11DE
// MS: define internal void @"\01?dh1@@YAXPEAUD@?A@@@Z"
void dh1(D *d) {
// ITANIUM: {{%[^ ]*}} = call i1 @llvm.bitset.test(i8* {{%[^ ]*}}, metadata !"[{{.*}}cfi-vcall.cpp]N12_GLOBAL__N_11DE")
// MS: {{%[^ ]*}} = call i1 @llvm.bitset.test(i8* {{%[^ ]*}}, metadata !"[{{.*}}cfi-vcall.cpp]D@?A@@")
d->h();
}
// ITANIUM: define internal void @_Z3df2PN12_GLOBAL__N_11DE
// MS: define internal void @"\01?df2@@YAXPEAUD@?A@@@Z"
__attribute__((no_sanitize("cfi"))) __attribute__((no_sanitize("cfi")))
void df2(D *d) { void df2(D *d) {
// CHECK-NOT: call i1 @llvm.bitset.test // CHECK-NOT: call i1 @llvm.bitset.test
d->f(); d->f();
} }
// CHECK: define internal void @_Z3df3PN12_GLOBAL__N_11DE // ITANIUM: define internal void @_Z3df3PN12_GLOBAL__N_11DE
// MS: define internal void @"\01?df3@@YAXPEAUD@?A@@@Z"
__attribute__((no_sanitize("address"))) __attribute__((no_sanitize("cfi-vcall"))) __attribute__((no_sanitize("address"))) __attribute__((no_sanitize("cfi-vcall")))
void df3(D *d) { void df3(D *d) {
// CHECK-NOT: call i1 @llvm.bitset.test // CHECK-NOT: call i1 @llvm.bitset.test
d->f(); d->f();
} }
D d; D d;
void foo() { void foo() {
df1(&d); df1(&d);
dg1(&d);
dh1(&d);
df2(&d); df2(&d);
df3(&d); df3(&d);
}
// CHECK-DAG: !{!"1A", [3 x i8*]* @_ZTV1A, i64 16} struct FA : A {
// CHECK-DAG: !{!"1A", [5 x i8*]* @_ZTCN12_GLOBAL__N_11DE0_1B, i64 32} void f() {}
// CHECK-DAG: !{!"1B", [5 x i8*]* @_ZTCN12_GLOBAL__N_11DE0_1B, i64 32} } fa;
// CHECK-DAG: !{!"1A", [9 x i8*]* @_ZTCN12_GLOBAL__N_11DE8_1C, i64 64} af(&fa);
// CHECK-DAG: !{!"1C", [9 x i8*]* @_ZTCN12_GLOBAL__N_11DE8_1C, i64 32} }
// CHECK-DAG: !{!"1A", [10 x i8*]* @_ZTVN12_GLOBAL__N_11DE, i64 32}
// CHECK-DAG: !{!"1B", [10 x i8*]* @_ZTVN12_GLOBAL__N_11DE, i64 32} // Check for the expected number of elements (9 or 15 respectively).
// CHECK-DAG: !{!"1C", [10 x i8*]* @_ZTVN12_GLOBAL__N_11DE, i64 72} // MS: !llvm.bitsets = !{[[X:[^,]*(,[^,]*){8}]]}
// CHECK-DAG: !{!"[{{.*}}cfi-vcall.cpp]N12_GLOBAL__N_11DE", [10 x i8*]* @_ZTVN12_GLOBAL__N_11DE, i64 32} // ITANIUM: !llvm.bitsets = !{[[X:[^,]*(,[^,]*){14}]]}
// CHECK-DAG: !{!"1A", [5 x i8*]* @_ZTV1B, i64 32}
// CHECK-DAG: !{!"1B", [5 x i8*]* @_ZTV1B, i64 32} // ITANIUM-DAG: !{!"1A", [3 x i8*]* @_ZTV1A, i64 16}
// CHECK-DAG: !{!"1A", [5 x i8*]* @_ZTV1C, i64 32} // ITANIUM-DAG: !{!"1A", [7 x i8*]* @_ZTCN12_GLOBAL__N_11DE0_1B, i64 32}
// CHECK-DAG: !{!"1C", [5 x i8*]* @_ZTV1C, i64 32} // ITANIUM-DAG: !{!"1B", [7 x i8*]* @_ZTCN12_GLOBAL__N_11DE0_1B, i64 32}
// ITANIUM-DAG: !{!"1A", [9 x i8*]* @_ZTCN12_GLOBAL__N_11DE8_1C, i64 64}
// ITANIUM-DAG: !{!"1C", [9 x i8*]* @_ZTCN12_GLOBAL__N_11DE8_1C, i64 32}
// ITANIUM-DAG: !{!"1A", [12 x i8*]* @_ZTVN12_GLOBAL__N_11DE, i64 32}
// ITANIUM-DAG: !{!"1B", [12 x i8*]* @_ZTVN12_GLOBAL__N_11DE, i64 32}
// ITANIUM-DAG: !{!"1C", [12 x i8*]* @_ZTVN12_GLOBAL__N_11DE, i64 88}
// ITANIUM-DAG: !{!"[{{.*}}cfi-vcall.cpp]N12_GLOBAL__N_11DE", [12 x i8*]* @_ZTVN12_GLOBAL__N_11DE, i64 32}
// ITANIUM-DAG: !{!"1A", [7 x i8*]* @_ZTV1B, i64 32}
// ITANIUM-DAG: !{!"1B", [7 x i8*]* @_ZTV1B, i64 32}
// ITANIUM-DAG: !{!"1A", [5 x i8*]* @_ZTV1C, i64 32}
// ITANIUM-DAG: !{!"1C", [5 x i8*]* @_ZTV1C, i64 32}
// ITANIUM-DAG: !{!"1A", [3 x i8*]* @_ZTVZ3foovE2FA, i64 16}
// ITANIUM-DAG: !{!"[{{.*}}cfi-vcall.cpp]Z3foovE2FA", [3 x i8*]* @_ZTVZ3foovE2FA, i64 16}
// MS-DAG: !{!"A@@", [2 x i8*]* @[[VTA]], i64 8}
// MS-DAG: !{!"B@@", [3 x i8*]* @[[VTB]], i64 8}
// MS-DAG: !{!"A@@", [2 x i8*]* @[[VTAinB]], i64 8}
// MS-DAG: !{!"A@@", [2 x i8*]* @[[VTAinC]], i64 8}
// MS-DAG: !{!"B@@", [3 x i8*]* @[[VTBinD]], i64 8}
// MS-DAG: !{!"[{{.*}}cfi-vcall.cpp]D@?A@@", [3 x i8*]* @[[VTBinD]], i64 8}
// MS-DAG: !{!"A@@", [2 x i8*]* @[[VTAinBinD]], i64 8}
// MS-DAG: !{!"A@@", [2 x i8*]* @[[VTFA]], i64 8}
// MS-DAG: !{!"[{{.*}}cfi-vcall.cpp]FA@?1??foo@@YAXXZ@", [2 x i8*]* @[[VTFA]], i64 8}