This is an archive of the discontinued LLVM Phabricator instance.

Differential D108479

[Clang] Add __builtin_addressof_nocfi
ClosedPublic

Authored by samitolvanen on Aug 20 2021, 11:59 AM.

Details

Reviewers
nickdesaulniers
pcc
rjmccall
Commits
rGec2e26eaf635: [Clang] Add __builtin_function_start
Summary

This change adds builtin_addressof_nocfi(). This built-in function
is similar to the existing builtin_addressof(), except that with
-fsanitize=cfi, it returns the address of the function body instead of
a CFI jump table address.

__builtin_addressof_nocfi() is helpful in low-level code, such as
operating system kernels, which may need the address of a specific
function without a jump table indirection.

Link: https://github.com/ClangBuiltLinux/linux/issues/1353

Depends on D108478

Diff Detail

Event Timeline

samitolvanen created this revision.Aug 20 2021, 11:59 AM
Herald added a subscriber: martong. · View Herald TranscriptAug 20 2021, 11:59 AM
samitolvanen requested review of this revision.Aug 20 2021, 11:59 AM
Herald added a project: Restricted Project. · View Herald TranscriptAug 20 2021, 11:59 AM
Herald added a subscriber: cfe-commits. · View Herald Transcript
samitolvanen added reviewers: nickdesaulniers, pcc.Aug 20 2021, 12:03 PM

Here's a PoC of the built-in function that returns the address of the function body with CFI. Based on D108478.

Harbormaster completed remote builds in B120594: Diff 367850.Aug 20 2021, 1:09 PM
nickdesaulniers added inline comments.Aug 26 2021, 12:21 PM
clang/lib/CodeGen/CGExprConstant.cpp
1893

fix linter warning

1894

Don't use auto here.
https://llvm.org/docs/CodingStandards.html#use-auto-type-deduction-to-make-code-more-readable
It's common when the type is already specified on the RHS of an assignment that's using of the casting operators that's already explicitly specialized with the type.

clang/test/CodeGen/builtin-addressof-nocfi.c
18 ↗(On Diff #367850)

do we ever need the builtin address of a global that's NOT a function?

If so, we should add a test for that. If not, perhaps we don't need to waste space in every APValue?

martong removed a subscriber: martong.Aug 27 2021, 1:29 AM
samitolvanen updated this revision to Diff 369795.Aug 31 2021, 2:02 PM
samitolvanen marked 2 inline comments as done.
samitolvanen added a comment.Aug 31 2021, 2:02 PM

Fixed clang-tidy warnings, dropped an unnecessary auto.

clang/test/CodeGen/builtin-addressof-nocfi.c
18 ↗(On Diff #367850)

do we ever need the builtin address of a global that's NOT a function?

I don't think so. This version does accept any global because it was modelled after __builtin_addressof(), but we could look into limiting this only for functions. Perhaps the built-in name should also be changed in that case?

If so, we should add a test for that. If not, perhaps we don't need to waste space in every APValue?

What would be a better place for the flag? I think in Clang, changing this to support only functions would probably just need some additional Sema checks.

Harbormaster completed remote builds in B121995: Diff 369795.Aug 31 2021, 3:44 PM
pcc accepted this revision.Oct 27 2021, 5:21 PM

LGTM

clang/lib/AST/APValue.cpp
133 ↗(On Diff #369795)

Remove braces

This revision is now accepted and ready to land.Oct 27 2021, 5:21 PM
nickdesaulniers added inline comments.Oct 28 2021, 12:32 PM
clang/test/CodeGen/builtin-addressof-nocfi.c
2 ↗(On Diff #369795)

mind adding a test case to this file that:

#if !__has_builtin(__builtin_addressof_nocfi)
#error "where did my builtin go?"
#endif
nickdesaulniers added inline comments.Oct 28 2021, 12:37 PM
clang/lib/AST/APValue.cpp
44–46 ↗(On Diff #369795)

I think a common convention in LLVM is to have comments like:

Local{I, V, /*NoCFIValue=*/false}`

for boolean parameters.

https://llvm.org/docs/CodingStandards.html#comment-formatting

nickdesaulniers added inline comments.Oct 28 2021, 12:41 PM
clang/include/clang/AST/APValue.h
195 ↗(On Diff #369795)

Is there be padding off the end of the bitfield? Or does this actually change the sizeof(LocalState)?

https://godbolt.org/z/eEdKoaab9

Can we just use a non-bitfield bool here?

samitolvanen updated this revision to Diff 383514.Oct 29 2021, 3:24 PM

Addressed comments.

samitolvanen updated this revision to Diff 383518.Oct 29 2021, 3:41 PM
samitolvanen marked 2 inline comments as done.

Missed a comment.

samitolvanen marked 2 inline comments as done.Oct 29 2021, 3:42 PM
Harbormaster completed remote builds in B131530: Diff 383518.Oct 29 2021, 4:18 PM
ardb added a subscriber: ardb.Nov 4 2021, 3:05 AM

I would argue that the existing __builtin_addressof() should absorb this behavior, rather than adding a special builtin related to CFI.

As is documented for __builtin_addressof(), its intended use is in cases where the & operator may return something other than the address of the object, which is exactly the case we are dealing with here.

clang/test/CodeGen/builtin-addressof-nocfi.c
18 ↗(On Diff #367850)

do we ever need the builtin address of a global that's NOT a function?

I don't think so. This version does accept any global because it was modelled after __builtin_addressof(), but we could look into limiting this only for functions. Perhaps the built-in name should also be changed in that case?

Why is that necessary? That will only make it harder to use for users that want to wrap this in another macro that may be used for arbitrary symbols.

pcc requested changes to this revision.Nov 4 2021, 2:02 PM
pcc added subscribers: rjmccall, rsmith.
In D108479#3108360, @ardb wrote:

I would argue that the existing __builtin_addressof() should absorb this behavior, rather than adding a special builtin related to CFI.

As is documented for __builtin_addressof(), its intended use is in cases where the & operator may return something other than the address of the object, which is exactly the case we are dealing with here.

Maybe. It does imply two slightly orthogonal use cases for __builtin_addressof, one for implementing std::addressof and the other for the no-CFI use case. One question is then whether these two use cases will conflict. In libc++ we have

template <class _Tp>
inline _LIBCPP_CONSTEXPR_AFTER_CXX14
_LIBCPP_NO_CFI _LIBCPP_INLINE_VISIBILITY
_Tp*
addressof(_Tp& __x) _NOEXCEPT
{
    return __builtin_addressof(__x);
}

So as long as the additional use case for __builtin_addressof is only activated when the argument is (syntactically) a reference to a function I don't think this libc++ code will be affected. I guess it's possible that there could be other users of __builtin_addressof that could be relying on the existing behavior, although it seems unlikely to me.

A similar use case that we may want to consider is for removing the pointer authentication bits when using the proposed PAuth ABI. D112941 proposes adding a separate builtin __builtin_ptrauth_strip for this purpose, although I believe that it cannot be used in constant expressions. If we decide to let __builtin_addressof absorb the no-CFI behavior then it seems reasonable for it to absorb the PAuth stripping behavior as well, but again only if the argument is a syntactic function reference. I personally would find this somewhat confusing though because stripping in the PAuth ABI can be performed at runtime on any pointer value and not just syntactic function references.

Should the builtin return a value of type void* instead of a pointer to the type of its argument? This would make it clear that the value returned by the builtin is not meant to be called in the usual way (this applies to both CFI and the PAuth ABI) and I suppose is another point in favor of this being a separate builtin.

Adding @rsmith and @rjmccall who may have opinions on the above.

This revision now requires changes to proceed.Nov 4 2021, 2:02 PM
rjmccall added a comment.Nov 4 2021, 3:00 PM

std::addressof(&someFunction) certainly ought to return a signed pointer under ptrauth, so if your goal here is to get a completely unadorned symbol address, I think you do need a different builtin, and it probably ought to return a void* to emphasize that it shouldn't be used as a normal value. Maybe it should even be semantically restricted to require a constant decl reference as its operand? Related and perhaps illuminating question: if it were implementable, would you also want to force the suppression of lazy-binding thunks and/or decorations like the THUMB bit?

samitolvanen updated this revision to Diff 384897.Nov 4 2021, 4:00 PM

Keep a void * return type for the nocfi variant.

Harbormaster completed remote builds in B132562: Diff 384897.Nov 4 2021, 5:06 PM
pcc added a comment.Nov 5 2021, 12:09 PM

Maybe it should even be semantically restricted to require a constant decl reference as its operand?

I think we should do this.

Maybe it should be named something like __builtin_symbol_address if we're intending for this to have an effect with PAuth as well?

rjmccall added a comment.Nov 5 2021, 12:22 PM

Yeah, I think that's a better name. The documentation can say that ideally this also wouldn't include things like the THUMB bit, but there are technical limitations that make it hard to achieve that.

You could also make this Just Work for things like C++ member functions rather than producing a member function pointer.

samitolvanen planned changes to this revision.Nov 5 2021, 3:59 PM
samitolvanen removed subscribers: rsmith, rjmccall.
In D108479#3112492, @rjmccall wrote:

You could also make this Just Work for things like C++ member functions rather than producing a member function pointer.

I'm not sure I understand. What does Just Work mean when it comes to C++ member functions?

pcc added subscribers: rjmccall, rsmith.Nov 5 2021, 4:05 PM

(Adding back @rsmith, @rjmccall.)

In D108479#3113035, @samitolvanen wrote:
In D108479#3112492, @rjmccall wrote:

You could also make this Just Work for things like C++ member functions rather than producing a member function pointer.

I'm not sure I understand. What does Just Work mean when it comes to C++ member functions?

I think he means that e.g. __builtin_symbol_address(&Foo::bar) should return a void* pointing to the address of the Foo::bar member function body, instead of a member function pointer for Foo::bar.

rjmccall added a comment.Nov 5 2021, 6:54 PM
In D108479#3113055, @pcc wrote:

(Adding back @rsmith, @rjmccall.)

In D108479#3113035, @samitolvanen wrote:
In D108479#3112492, @rjmccall wrote:

You could also make this Just Work for things like C++ member functions rather than producing a member function pointer.

I'm not sure I understand. What does Just Work mean when it comes to C++ member functions?

I think he means that e.g. __builtin_symbol_address(&Foo::bar) should return a void* pointing to the address of the Foo::bar member function body, instead of a member function pointer for Foo::bar.

Yes, exactly.

jrtc27 added a subscriber: jrtc27.Nov 13 2021, 7:07 PM
In D108479#3110003, @rjmccall wrote:

std::addressof(&someFunction) certainly ought to return a signed pointer under ptrauth, so if your goal here is to get a completely unadorned symbol address, I think you do need a different builtin, and it probably ought to return a void* to emphasize that it shouldn't be used as a normal value. Maybe it should even be semantically restricted to require a constant decl reference as its operand? Related and perhaps illuminating question: if it were implementable, would you also want to force the suppression of lazy-binding thunks and/or decorations like the THUMB bit?

Similarly, should it point to the descriptor or the entry point for ABIs with function descriptors? Personally I think trying to generalise this builtin just opens a huge can of worms when you look at other architectures and ABIs (and what it does can have implications for CHERI/Morello where we have various weird experimental ABIs), so you may just be best off having the original specialised builtin with very clear semantics.

rjmccall added a comment.Nov 13 2021, 7:41 PM

I don't know for certain, but I would guess that the kernel wants to get the address of the first instruction in the function for the purposes of some sort of later PC-based table lookup, which means that yes, it probably *does* need to bypass descriptors on CHERI / Itanium / whatever else.

What we're trying to do here is *avoid* a can of worms by clearly understanding what the desired semantics are, rather than adding a builtin with the semantics of "ignore exactly the one complication that we ran into first".

jrtc27 added a comment.Nov 13 2021, 8:21 PM

If it's bypassing the descriptors then __builtin_symbol_address is the wrong name (and a bit ambiguous). As far as dlsym is concerned, the symbol is the descriptor, but when you get down to the ELF representation itself that's not always true. For PPC64 ELFv1, the ELF symbol is the descriptor, and the entry point has a different name. For PA-RISC and Itanium, the ELF symbol is the entry point, and you request the descriptor rather than the entry point by using a different relocation to the normal data pointer one (well, Itanium has a whole set of them, you have {32,64} x {LSB,MSB} plus a 64I one for putting into an X format instruction's immediate, and GP-relative GOT-indirect (@ltoff) versions of all those, plus a bonus 22-bit immediate one for that).

For CHERI there's the added complication that descriptors and trampolines can exist for security reasons when crossing security domains, and you absolutely should not let one compartment get pointers to the entry point of another compartment's function. You can hand it out if sealed or the permissions are cleared, as then you can't really do anything with it other than look at the integer address, but that seems a bit odd.

rjmccall added a comment.Nov 13 2021, 8:47 PM
In D108479#3129571, @jrtc27 wrote:

For CHERI there's the added complication that descriptors and trampolines can exist for security reasons when crossing security domains, and you absolutely should not let one compartment get pointers to the entry point of another compartment's function. You can hand it out if sealed or the permissions are cleared, as then you can't really do anything with it other than look at the integer address, but that seems a bit odd.

That would be consistent with getting an unsigned pointer under pointer authentication or an address with the THUMB bit potentially stripped: it's just a raw address that you can't safely call. In any case, I suspect it would be fine for us to say that we just don't support this builtin when the target is using weird function pointers unless we have some way to bypass the special treatment in LLVM.

I agree that "symbol" address is probably the wrong name. Maybe __builtin_function_start or something like that? But before we go much further on this, we should get confirmation from Peter that we're targeting the right design.

pcc added a comment.Nov 15 2021, 11:07 AM
In D108479#3129577, @rjmccall wrote:
In D108479#3129571, @jrtc27 wrote:

For CHERI there's the added complication that descriptors and trampolines can exist for security reasons when crossing security domains, and you absolutely should not let one compartment get pointers to the entry point of another compartment's function. You can hand it out if sealed or the permissions are cleared, as then you can't really do anything with it other than look at the integer address, but that seems a bit odd.

That would be consistent with getting an unsigned pointer under pointer authentication or an address with the THUMB bit potentially stripped: it's just a raw address that you can't safely call. In any case, I suspect it would be fine for us to say that we just don't support this builtin when the target is using weird function pointers unless we have some way to bypass the special treatment in LLVM.

I agree that "symbol" address is probably the wrong name. Maybe __builtin_function_start or something like that? But before we go much further on this, we should get confirmation from Peter that we're targeting the right design.

Having this be defined to return the function body address (and diagnose at compile time if that's not supported) seem like the right design to me, and __builtin_function_start sounds like a good name.

Here's another example of a potential use case that came up in the course of the PAuth ABI work: testing whether a stack trace contains a particular function:
https://cs.android.com/android/platform/superproject/+/master:bionic/tests/execinfo_test.cpp;l=94

I think that no matter whether it's CFI, PAuth, CHERI or anything else, this test would want the address of the real function body. If the test is compiled on a platform where taking the real function body address is unsupported, it would fail at runtime if we just let this be compiled as a no-op, so we should diagnose the issue at compile time where possible.

clang/test/SemaCXX/builtins.cpp
44

I don't think this should always evaluate to true, should it? Maybe we should forbid these types of comparisons in integral constant expressions?

rjmccall added a comment.Nov 15 2021, 6:12 PM

Do any of the proposed use cases actually require this to be a constant expression? Some of these patterns can be cheaply implemented with code generation even if the target doesn't otherwise support constants; for example, we could just mask the THUMB bit off on 32-bit ARM.

rjmccall added a comment.Nov 15 2021, 6:15 PM

If we do need to support constant expressions of this, I think we should have the constant evaluator produce an expression rather than an l-value, the way we do with some other builtin calls. That should stop the comparison problem more generally.

samitolvanen updated this revision to Diff 388237.Nov 18 2021, 9:27 AM

Renamed to __builtin_function_start, allowed only FunctionDecls as a parameter, added support for C++ member functions, and disallowed comparisons in integral constant expressions.

Harbormaster completed remote builds in B134926: Diff 388237.Nov 18 2021, 9:28 AM
samitolvanen marked an inline comment as done.Nov 18 2021, 9:52 AM
In D108479#3133578, @rjmccall wrote:

If we do need to support constant expressions of this

Yes, we need this also in constant expressions.

I think we should have the constant evaluator produce an expression rather than an l-value, the way we do with some other builtin calls. That should stop the comparison problem more generally.

Sure, I can take a look at how that would work. Basically, in PointerExprEvaluator::VisitBuiltinCallExpr we should not evaluate the l-value and just leave it at Result.set(E)?

rjmccall added a comment.Nov 18 2021, 10:15 AM
In D108479#3140638, @samitolvanen wrote:
In D108479#3133578, @rjmccall wrote:

If we do need to support constant expressions of this

Yes, we need this also in constant expressions.

Okay. I assume just static initializers, and not things like template arguments?

I think we should have the constant evaluator produce an expression rather than an l-value, the way we do with some other builtin calls. That should stop the comparison problem more generally.

Sure, I can take a look at how that would work. Basically, in PointerExprEvaluator::VisitBuiltinCallExpr we should not evaluate the l-value and just leave it at Result.set(E)?

Yes, exactly. Since the builtin already requires a constant operand in non-dependent contexts, that should be enough.

clang/lib/Sema/SemaChecking.cpp
199

Please update the function name here.

208

It would be more general to allow any expression that we can constant-evaluate to a specific function / member function reference. That allows callers to do stuff like __builtin_function_start((int (A::*)() const) &A::x) to resolve overloaded function references.

You should delay this check if the operand is value-dependent.

221

I think we decided that the result type should be void*. Are there other semantic checks from CheckAddressOfOperand that still meaningfully apply?

samitolvanen planned changes to this revision.Nov 18 2021, 12:50 PM
In D108479#3140688, @rjmccall wrote:
In D108479#3140638, @samitolvanen wrote:
In D108479#3133578, @rjmccall wrote:

If we do need to support constant expressions of this

Yes, we need this also in constant expressions.

Okay. I assume just static initializers, and not things like template arguments?

Correct.

samitolvanen updated this revision to Diff 389242.Nov 23 2021, 9:51 AM
samitolvanen marked an inline comment as done.

Refactored to avoid evaluating the expression into an l-value.

samitolvanen added a comment.Nov 23 2021, 9:51 AM
In D108479#3140688, @rjmccall wrote:
In D108479#3140638, @samitolvanen wrote:

Sure, I can take a look at how that would work. Basically, in PointerExprEvaluator::VisitBuiltinCallExpr we should not evaluate the l-value and just leave it at Result.set(E)?

Yes, exactly. Since the builtin already requires a constant operand in non-dependent contexts, that should be enough.

This does indeed solve comparison issues and allows me to drop the changes to APValue, but it breaks initializing globals in C because Clang doesn't know the expression is a compile-time constant:

$ cat test.c
void a() {}
const void *p = __builtin_function_start(a);
$ clang -c test.c
test.c:2:17: error: initializer element is not a compile-time constant
const void *p = __builtin_function_start(a);
                ^~~~~~~~~~~~~~~~~~~~~~~~~~~
1 error generated.

I worked around this for now by explicitly allowing __builtin_function_start in CheckLValueConstantExpression, but this seems terribly hacky. What would be the correct way to solve this issue?

clang/lib/Sema/SemaChecking.cpp
208

It would be more general to allow any expression that we can constant-evaluate to a specific function / member function reference. That allows callers to do stuff like __builtin_function_start((int (A::*)() const) &A::x) to resolve overloaded function references.

I looked into using Expr::EvaluateAsConstantExpr here and while it works, I'm not sure if allowing arbitrary expressions as the argument provides any value. We can allow resolving overloaded function references without constant-evaluating the expression (and I added tests for this). Did you have any other use cases in mind where this might be useful?

221

I thought Sema::checkAddressOfFunctionIsAvailable would be useful.

rjmccall added a comment.Nov 23 2021, 10:19 AM
In D108479#3149228, @samitolvanen wrote:

I worked around this for now by explicitly allowing __builtin_function_start in CheckLValueConstantExpression, but this seems terribly hacky. What would be the correct way to solve this issue?

Try to generalize what we do for __builtin___CFStringMakeConstantString.

clang/lib/Sema/SemaChecking.cpp
208

I don't see what the advantage of limiting the constant expression would be if we can constant-evaluate it. switch doesn't force you to make case values be integer literals and/or references to enumerators. What are you trying to achieve with a restriction?

Not having arbitrary restrictions is particularly useful in C++, where templates and constexpr machinery can usefully do a lot of abstraction.

samitolvanen planned changes to this revision.Nov 23 2021, 10:33 AM
In D108479#3149297, @rjmccall wrote:
In D108479#3149228, @samitolvanen wrote:

I worked around this for now by explicitly allowing __builtin_function_start in CheckLValueConstantExpression, but this seems terribly hacky. What would be the correct way to solve this issue?

Try to generalize what we do for __builtin___CFStringMakeConstantString.

Thanks, I'll take a look.

clang/lib/Sema/SemaChecking.cpp
208

I don't see what the advantage of limiting the constant expression would be if we can constant-evaluate it. switch doesn't force you to make case values be integer literals and/or references to enumerators. What are you trying to achieve with a restriction?

I'm trying to understand the benefit of allowing arbitrary expressions like __builtin_function_start(100 + a), which EvaluateAsConstantExpr is happy to evaluate into a reference to a.

I can obviously understand why these should be allowed for switch, but here we have a function whose sole purpose is to return the address of a function and I'm wondering why someone would want pass anything more complicated to it.

Not having arbitrary restrictions is particularly useful in C++, where templates and constexpr machinery can usefully do a lot of abstraction.

Perhaps I'm just not that familiar with the C++ use cases here. Would you be able to provide me an example I could use as a test case?

rjmccall added inline comments.Nov 23 2021, 1:11 PM
clang/lib/Sema/SemaChecking.cpp
208

I can obviously understand why these should be allowed for switch, but here we have a function whose sole purpose is to return the address of a function and I'm wondering why someone would want pass anything more complicated to it.

The idea is that you might have a complicated way of picking which function you mean. I agree that this should probably disallow non-zero offsets.

Perhaps I'm just not that familiar with the C++ use cases here. Would you be able to provide me an example I could use as a test case?

A simple example: fn after constexpr void (*fn)() = &foo;.

Harbormaster completed remote builds in B135664: Diff 389242.Nov 23 2021, 2:53 PM
samitolvanen updated this revision to Diff 389346.Nov 23 2021, 3:54 PM

Changed the code to evaluate the argument as a constant expression.

clang/lib/Sema/SemaChecking.cpp
208

Perhaps I'm just not that familiar with the C++ use cases here. Would you be able to provide me an example I could use as a test case?

A simple example: fn after constexpr void (*fn)() = &foo;.

Thanks for the example. So, something like this should also work?

$ cat test.cc 
void a() {}
constexpr void (*fn)() = &a;
const void *p = __builtin_function_start(fn);

Looking at what happens after we evaluate the expression, APValue is an l-value containing a VarDecl:

VarDecl 0xe3427a8 <test.cc:2:1, col:27> col:18 referenced fn 'void (*const)()' constexpr cinit

Which means I have to look at VarDecl::getEvaluatedValue if I want to get the function declaration. Or should the evaluation in this case produce a FunctionDecl directly?

Harbormaster completed remote builds in B135740: Diff 389346.Nov 23 2021, 5:38 PM
rjmccall added a comment.Nov 23 2021, 6:26 PM

Your builtin is using custom type-checking (t), which suppresses all the normal conversions that happen on expressions. Specifically, it skips lvalue-to-rvalue conversion, so in this example the argument ends up being an l-value reference to a variable rather than an r-value loaded from that variable. In addition to confusing constant evaluation, it would also make this look like an ODR-use of the variable, which would be subtly wrong in some C++ cases. The fix is to explicitly request the standard l-value conversions, which you can do with code like:

ExprResult Arg = S.DefaultFunctionArrayLvalueConversion(TheCall->getArg(0));
if (Arg.isInvalid()) return true;
TheCall->setArg(0, Arg.get());

After that, constant-evaluating the argument expression in your example should give you a FunctionDecl* as expected.

samitolvanen planned changes to this revision.Nov 24 2021, 10:07 AM
In D108479#3150298, @rjmccall wrote:

Your builtin is using custom type-checking (t), which suppresses all the normal conversions that happen on expressions. Specifically, it skips lvalue-to-rvalue conversion, so in this example the argument ends up being an l-value reference to a variable rather than an r-value loaded from that variable.

OK, that explains it. Thanks for the explanation!

samitolvanen updated this revision to Diff 390521.Nov 29 2021, 4:23 PM

Use standard l-value conversions, and add a test case for constexpr.

Harbormaster completed remote builds in B136568: Diff 390521.Nov 29 2021, 5:23 PM
rjmccall added a comment.Nov 29 2021, 9:28 PM

Thanks, this is exactly what I was looking for. Just some straightforward style/design requests from here.

clang/docs/LanguageExtensions.rst
2527

Please add:

  • an example
  • the fact that the return type is void*
  • the fact that the builtin might not be supported on every target
  • an explanation that it is not safe to call the returned pointer
clang/include/clang/AST/Expr.h
3117

I like that there's a common function to resolve this, but since the behavior is so tied to this one builtin, I'm anxious about someone thinking that it's a more general convenience routine.

Could you move it to Expr and give it a signature like ValueDecl *getAsBuiltinConstantDeclRef()? And then make the comment something like:

/// If this expression is an unambiguous reference to a single declaration,
/// in the style of __builtin_function_start, return that declaration.  Note that
/// this may return a non-static member function or field in C++ if this
/// expression is a member pointer constant.

Then it's a little more general and less tied to CallExpr, and you can just cast the result to FunctionDecl in your calls, which isn't too onerous.

clang/lib/AST/ExprConstant.cpp
1963

This looks great, thanks.

clang/lib/CodeGen/CodeGenModule.h
885

Please make this take the ValueDecl* so that the details of extracting the argument are localized to the builtin-emission code.

clang/lib/Sema/SemaChecking.cpp
206

Minor style nit: I generally prefer to have these checks that are just self-evidently bailing out if something failed appear right after the call without any intervening lines. Readers can immediately see the connection that way.

samitolvanen updated this revision to Diff 391159.Dec 1 2021, 4:05 PM
samitolvanen marked 5 inline comments as done.

Addressed comments.

Harbormaster completed remote builds in B137021: Diff 391159.Dec 1 2021, 4:48 PM
rjmccall accepted this revision.Dec 2 2021, 8:20 PM

This looks great, thanks. Please feel free to commit with the requested minor change to the docs.

clang/docs/LanguageExtensions.rst
2555

Please take this last sentence and make it the first sentence of the next paragraph; I think it leads into that example very nicely.

pcc accepted this revision.Dec 15 2021, 3:30 PM

LGTM

This revision is now accepted and ready to land.Dec 15 2021, 3:30 PM
Closed by commit rGec2e26eaf635: [Clang] Add __builtin_function_start (authored by samitolvanen). · Explain WhyDec 20 2021, 1:11 PM
This revision was automatically updated to reflect the committed changes.
samitolvanen added a commit: rGec2e26eaf635: [Clang] Add __builtin_function_start.

Revision Contents

PathSize
clang/
docs/
42 lines
include/
clang/
AST/
6 lines
Basic/
1 line
3 lines
lib/
AST/
17 lines
11 lines
CodeGen/
3 lines
3 lines
3 lines
8 lines
Sema/
27 lines
StaticAnalyzer/
Checkers/
3 lines
test/
CodeGen/
56 lines
SemaCXX/
7 lines

Diff 395516

clang/docs/LanguageExtensions.rst

Show First 20 LinesShow All 2,511 Lines▼ Show 20 Lines
**Example of use**: **Example of use**:
.. code-block:: c++ .. code-block:: c++
template<typename T> constexpr T *addressof(T &value) { template<typename T> constexpr T *addressof(T &value) {
return __builtin_addressof(value); return __builtin_addressof(value);
} }
``__builtin_function_start``
-----------------------------
``__builtin_function_start`` returns the address of a function body.
**Syntax**:
.. code-block:: c++
rjmccallUnsubmitted
Done
ReplyInline Actions

Please add:

  • an example
  • the fact that the return type is void*
  • the fact that the builtin might not be supported on every target
  • an explanation that it is not safe to call the returned pointer
rjmccall: Please add: - an example - the fact that the return type is `void*` - the fact that the builtin…
void *__builtin_function_start(function)
**Example of use**:
.. code-block:: c++
void a() {}
void *p = __builtin_function_start(a);
class A {
public:
void a(int n);
void a();
};
void A::a(int n) {}
void A::a() {}
void *pa1 = __builtin_function_start((void(A::*)(int)) &A::a);
void *pa2 = __builtin_function_start((void(A::*)()) &A::a);
**Description**:
The ``__builtin_function_start`` builtin accepts an argument that can be
constant-evaluated to a function, and returns the address of the function
body. This builtin is not supported on all targets.
rjmccallUnsubmitted
Not Done
ReplyInline Actions

Please take this last sentence and make it the first sentence of the next paragraph; I think it leads into that example very nicely.

rjmccall: Please take this last sentence and make it the first sentence of the next paragraph; I think it…
The returned pointer may differ from the normally taken function address
and is not safe to call. For example, with ``-fsanitize=cfi``, taking a
function address produces a callable pointer to a CFI jump table, while
``__builtin_function_start`` returns an address that fails
:doc:`cfi-icall<ControlFlowIntegrity>` checks.
``__builtin_operator_new`` and ``__builtin_operator_delete`` ``__builtin_operator_new`` and ``__builtin_operator_delete``
------------------------------------------------------------ ------------------------------------------------------------
A call to ``__builtin_operator_new(args)`` is exactly the same as a call to A call to ``__builtin_operator_new(args)`` is exactly the same as a call to
``::operator new(args)``, except that it allows certain optimizations ``::operator new(args)``, except that it allows certain optimizations
that the C++ standard does not permit for a direct function call to that the C++ standard does not permit for a direct function call to
``::operator new`` (in particular, removing ``new`` / ``delete`` pairs and ``::operator new`` (in particular, removing ``new`` / ``delete`` pairs and
merging allocations), and that the call is required to resolve to a merging allocations), and that the call is required to resolve to a
▲ Show 20 LinesShow All 1,657 LinesShow Last 20 Lines

clang/include/clang/AST/Expr.h

Show First 20 LinesShow All 566 Lines▼ Show 20 Linespublic:
/// isConstantInitializer - Returns true if this expression can be emitted to /// isConstantInitializer - Returns true if this expression can be emitted to
/// IR as a constant, and thus can be used as a constant initializer in C. /// IR as a constant, and thus can be used as a constant initializer in C.
/// If this expression is not constant and Culprit is non-null, /// If this expression is not constant and Culprit is non-null,
/// it is used to store the address of first non constant expr. /// it is used to store the address of first non constant expr.
bool isConstantInitializer(ASTContext &Ctx, bool ForRef, bool isConstantInitializer(ASTContext &Ctx, bool ForRef,
const Expr **Culprit = nullptr) const; const Expr **Culprit = nullptr) const;
/// If this expression is an unambiguous reference to a single declaration,
/// in the style of __builtin_function_start, return that declaration. Note
/// that this may return a non-static member function or field in C++ if this
/// expression is a member pointer constant.
const ValueDecl *getAsBuiltinConstantDeclRef(const ASTContext &Context) const;
/// EvalStatus is a struct with detailed info about an evaluation in progress. /// EvalStatus is a struct with detailed info about an evaluation in progress.
struct EvalStatus { struct EvalStatus {
/// Whether the evaluated expression has side effects. /// Whether the evaluated expression has side effects.
/// For example, (f() && 0) can be folded, but it still has side effects. /// For example, (f() && 0) can be folded, but it still has side effects.
bool HasSideEffects; bool HasSideEffects;
/// Whether the evaluation hit undefined behavior. /// Whether the evaluation hit undefined behavior.
/// For example, 1.0 / 0.0 can be folded to Inf, but has undefined behavior. /// For example, 1.0 / 0.0 can be folded to Inf, but has undefined behavior.
▲ Show 20 LinesShow All 2,520 Lines▼ Show 20 Linespublic:
/// Returns true if this call expression should warn on unused results. /// Returns true if this call expression should warn on unused results.
bool hasUnusedResultAttr(const ASTContext &Ctx) const { bool hasUnusedResultAttr(const ASTContext &Ctx) const {
return getUnusedResultAttr(Ctx) != nullptr; return getUnusedResultAttr(Ctx) != nullptr;
} }
SourceLocation getRParenLoc() const { return RParenLoc; } SourceLocation getRParenLoc() const { return RParenLoc; }
void setRParenLoc(SourceLocation L) { RParenLoc = L; } void setRParenLoc(SourceLocation L) { RParenLoc = L; }
rjmccallUnsubmitted
Done
ReplyInline Actions

I like that there's a common function to resolve this, but since the behavior is so tied to this one builtin, I'm anxious about someone thinking that it's a more general convenience routine.

Could you move it to Expr and give it a signature like ValueDecl *getAsBuiltinConstantDeclRef()? And then make the comment something like:

/// If this expression is an unambiguous reference to a single declaration,
/// in the style of __builtin_function_start, return that declaration.  Note that
/// this may return a non-static member function or field in C++ if this
/// expression is a member pointer constant.

Then it's a little more general and less tied to CallExpr, and you can just cast the result to FunctionDecl in your calls, which isn't too onerous.

rjmccall: I like that there's a common function to resolve this, but since the behavior is so tied to…
SourceLocation getBeginLoc() const LLVM_READONLY; SourceLocation getBeginLoc() const LLVM_READONLY;
SourceLocation getEndLoc() const LLVM_READONLY; SourceLocation getEndLoc() const LLVM_READONLY;
/// Return true if this is a call to __assume() or __builtin_assume() with /// Return true if this is a call to __assume() or __builtin_assume() with
/// a non-value-dependent constant parameter evaluating as false. /// a non-value-dependent constant parameter evaluating as false.
bool isBuiltinAssumeFalse(const ASTContext &Ctx) const; bool isBuiltinAssumeFalse(const ASTContext &Ctx) const;
/// Used by Sema to implement MSVC-compatible delayed name lookup. /// Used by Sema to implement MSVC-compatible delayed name lookup.
▲ Show 20 LinesShow All 3,343 LinesShow Last 20 Lines

clang/include/clang/Basic/Builtins.def

Show First 20 LinesShow All 1,569 Lines▼ Show 20 Lines
BUILTIN(__builtin_ssubl_overflow, "bSLiCSLiCSLi*", "n") BUILTIN(__builtin_ssubl_overflow, "bSLiCSLiCSLi*", "n")
BUILTIN(__builtin_ssubll_overflow, "bSLLiCSLLiCSLLi*", "n") BUILTIN(__builtin_ssubll_overflow, "bSLLiCSLLiCSLLi*", "n")
BUILTIN(__builtin_smul_overflow, "bSiCSiCSi*", "n") BUILTIN(__builtin_smul_overflow, "bSiCSiCSi*", "n")
BUILTIN(__builtin_smull_overflow, "bSLiCSLiCSLi*", "n") BUILTIN(__builtin_smull_overflow, "bSLiCSLiCSLi*", "n")
BUILTIN(__builtin_smulll_overflow, "bSLLiCSLLiCSLLi*", "n") BUILTIN(__builtin_smulll_overflow, "bSLLiCSLLiCSLLi*", "n")
// Clang builtins (not available in GCC). // Clang builtins (not available in GCC).
BUILTIN(__builtin_addressof, "v*v&", "nct") BUILTIN(__builtin_addressof, "v*v&", "nct")
BUILTIN(__builtin_function_start, "v*v&", "nct")
BUILTIN(__builtin_operator_new, "v*z", "tc") BUILTIN(__builtin_operator_new, "v*z", "tc")
BUILTIN(__builtin_operator_delete, "vv*", "tn") BUILTIN(__builtin_operator_delete, "vv*", "tn")
BUILTIN(__builtin_char_memchr, "c*cC*iz", "n") BUILTIN(__builtin_char_memchr, "c*cC*iz", "n")
BUILTIN(__builtin_dump_struct, "ivC*v*", "tn") BUILTIN(__builtin_dump_struct, "ivC*v*", "tn")
BUILTIN(__builtin_preserve_access_index, "v.", "t") BUILTIN(__builtin_preserve_access_index, "v.", "t")
// Alignment builtins (uses custom parsing to support pointers and integers) // Alignment builtins (uses custom parsing to support pointers and integers)
BUILTIN(__builtin_is_aligned, "bvC*z", "nct") BUILTIN(__builtin_is_aligned, "bvC*z", "nct")
▲ Show 20 LinesShow All 99 LinesShow Last 20 Lines

clang/include/clang/Basic/DiagnosticSemaKinds.td

  • This file is larger than 256 KB, so syntax highlighting is disabled by default.
Show First 20 LinesShow All 832 Lines▼ Show 20 Linesdef warn_fortify_source_format_overflow : Warning<
" but format string expands to at least %2">, " but format string expands to at least %2">,
InGroup<FortifySource>; InGroup<FortifySource>;
def warn_fortify_scanf_overflow : Warning< def warn_fortify_scanf_overflow : Warning<
"'%0' may overflow; destination buffer in argument %1 has size " "'%0' may overflow; destination buffer in argument %1 has size "
"%2, but the corresponding specifier may require size %3">, "%2, but the corresponding specifier may require size %3">,
InGroup<FortifySource>; InGroup<FortifySource>;
def err_function_start_invalid_type: Error<
"argument must be a function">;
/// main() /// main()
// static main() is not an error in C, just in C++. // static main() is not an error in C, just in C++.
def warn_static_main : Warning<"'main' should not be declared static">, def warn_static_main : Warning<"'main' should not be declared static">,
InGroup<Main>; InGroup<Main>;
def err_static_main : Error<"'main' is not allowed to be declared static">; def err_static_main : Error<"'main' is not allowed to be declared static">;
def err_inline_main : Error<"'main' is not allowed to be declared inline">; def err_inline_main : Error<"'main' is not allowed to be declared inline">;
def ext_variadic_main : ExtWarn< def ext_variadic_main : ExtWarn<
"'main' is not allowed to be declared variadic">, InGroup<Main>; "'main' is not allowed to be declared variadic">, InGroup<Main>;
▲ Show 20 LinesShow All 10,622 LinesShow Last 20 Lines

clang/lib/AST/Expr.cpp

Show First 20 LinesShow All 196 Lines▼ Show 20 Lines if (const FieldDecl *FD = E->getSourceBitField())
if (!Semantic && FD->getType()->isUnsignedIntegerType() && if (!Semantic && FD->getType()->isUnsignedIntegerType() &&
!FD->getBitWidth()->isValueDependent() && !FD->getBitWidth()->isValueDependent() &&
FD->getBitWidthValue(FD->getASTContext()) == 1) FD->getBitWidthValue(FD->getASTContext()) == 1)
return true; return true;
return false; return false;
} }
const ValueDecl *
Expr::getAsBuiltinConstantDeclRef(const ASTContext &Context) const {
Expr::EvalResult Eval;
if (EvaluateAsConstantExpr(Eval, Context)) {
APValue &Value = Eval.Val;
if (Value.isMemberPointer())
return Value.getMemberPointerDecl();
if (Value.isLValue() && Value.getLValueOffset().isZero())
return Value.getLValueBase().dyn_cast<const ValueDecl *>();
}
return nullptr;
}
// Amusing macro metaprogramming hack: check whether a class provides // Amusing macro metaprogramming hack: check whether a class provides
// a more specific implementation of getExprLoc(). // a more specific implementation of getExprLoc().
// //
// See also Stmt.cpp:{getBeginLoc(),getEndLoc()}. // See also Stmt.cpp:{getBeginLoc(),getEndLoc()}.
namespace { namespace {
/// This implementation is used when a class provides a custom /// This implementation is used when a class provides a custom
/// implementation of getExprLoc. /// implementation of getExprLoc.
template <class E, class T> template <class E, class T>
▲ Show 20 LinesShow All 4,780 LinesShow Last 20 Lines

clang/lib/AST/ExprConstant.cpp

  • This file is larger than 256 KB, so syntax highlighting is disabled by default.
Show First 20 LinesShow All 1,948 Lines▼ Show 20 Linesstatic bool EvaluateIgnoredValue(EvalInfo &Info, const Expr *E) {
assert(!E->isValueDependent()); assert(!E->isValueDependent());
APValue Scratch; APValue Scratch;
if (!Evaluate(Scratch, Info, E)) if (!Evaluate(Scratch, Info, E))
// We don't need the value, but we might have skipped a side effect here. // We don't need the value, but we might have skipped a side effect here.
return Info.noteSideEffect(); return Info.noteSideEffect();
return true; return true;
} }
/// Should this call expression be treated as a string literal? /// Should this call expression be treated as a constant?
static bool IsStringLiteralCall(const CallExpr *E) { static bool IsConstantCall(const CallExpr *E) {
unsigned Builtin = E->getBuiltinCallee(); unsigned Builtin = E->getBuiltinCallee();
return (Builtin == Builtin::BI__builtin___CFStringMakeConstantString || return (Builtin == Builtin::BI__builtin___CFStringMakeConstantString ||
Builtin == Builtin::BI__builtin___NSStringMakeConstantString); Builtin == Builtin::BI__builtin___NSStringMakeConstantString ||
Builtin == Builtin::BI__builtin_function_start);
} }
rjmccallUnsubmitted
Done
ReplyInline Actions

This looks great, thanks.

rjmccall: This looks great, thanks.
static bool IsGlobalLValue(APValue::LValueBase B) { static bool IsGlobalLValue(APValue::LValueBase B) {
// C++11 [expr.const]p3 An address constant expression is a prvalue core // C++11 [expr.const]p3 An address constant expression is a prvalue core
// constant expression of pointer type that evaluates to... // constant expression of pointer type that evaluates to...
// ... a null pointer value, or a prvalue core constant expression of type // ... a null pointer value, or a prvalue core constant expression of type
// std::nullptr_t. // std::nullptr_t.
if (!B) return true; if (!B) return true;
Show All 28 Linesstatic bool IsGlobalLValue(APValue::LValueBase B) {
case Expr::StringLiteralClass: case Expr::StringLiteralClass:
case Expr::PredefinedExprClass: case Expr::PredefinedExprClass:
case Expr::ObjCStringLiteralClass: case Expr::ObjCStringLiteralClass:
case Expr::ObjCEncodeExprClass: case Expr::ObjCEncodeExprClass:
return true; return true;
case Expr::ObjCBoxedExprClass: case Expr::ObjCBoxedExprClass:
return cast<ObjCBoxedExpr>(E)->isExpressibleAsConstantInitializer(); return cast<ObjCBoxedExpr>(E)->isExpressibleAsConstantInitializer();
case Expr::CallExprClass: case Expr::CallExprClass:
return IsStringLiteralCall(cast<CallExpr>(E)); return IsConstantCall(cast<CallExpr>(E));
// For GCC compatibility, &&label has static storage duration. // For GCC compatibility, &&label has static storage duration.
case Expr::AddrLabelExprClass: case Expr::AddrLabelExprClass:
return true; return true;
// A Block literal expression may be used as the initialization value for // A Block literal expression may be used as the initialization value for
// Block variables at global or local static scope. // Block variables at global or local static scope.
case Expr::BlockExprClass: case Expr::BlockExprClass:
return !cast<BlockExpr>(E)->getBlockDecl()->hasCaptures(); return !cast<BlockExpr>(E)->getBlockDecl()->hasCaptures();
case Expr::ImplicitValueInitExprClass: case Expr::ImplicitValueInitExprClass:
▲ Show 20 LinesShow All 6,946 Lines▼ Show 20 Linesbool PointerExprEvaluator::visitNonBuiltinCallExpr(const CallExpr *E) {
Result.setInvalid(E); Result.setInvalid(E);
QualType PointeeTy = E->getType()->castAs<PointerType>()->getPointeeType(); QualType PointeeTy = E->getType()->castAs<PointerType>()->getPointeeType();
Result.addUnsizedArray(Info, E, PointeeTy); Result.addUnsizedArray(Info, E, PointeeTy);
return true; return true;
} }
bool PointerExprEvaluator::VisitCallExpr(const CallExpr *E) { bool PointerExprEvaluator::VisitCallExpr(const CallExpr *E) {
if (IsStringLiteralCall(E)) if (IsConstantCall(E))
return Success(E); return Success(E);
if (unsigned BuiltinOp = E->getBuiltinCallee()) if (unsigned BuiltinOp = E->getBuiltinCallee())
return VisitBuiltinCallExpr(E, BuiltinOp); return VisitBuiltinCallExpr(E, BuiltinOp);
return visitNonBuiltinCallExpr(E); return visitNonBuiltinCallExpr(E);
} }
▲ Show 20 LinesShow All 6,881 LinesShow Last 20 Lines

clang/lib/CodeGen/CGBuiltin.cpp

  • This file is larger than 256 KB, so syntax highlighting is disabled by default.
Show First 20 LinesShow All 4,499 Lines▼ Show 20 Lines case Builtin::BI__builtin_smulll_overflow: {
llvm::Value *Carry; llvm::Value *Carry;
llvm::Value *Sum = EmitOverflowIntrinsic(*this, IntrinsicId, X, Y, Carry); llvm::Value *Sum = EmitOverflowIntrinsic(*this, IntrinsicId, X, Y, Carry);
Builder.CreateStore(Sum, SumOutPtr); Builder.CreateStore(Sum, SumOutPtr);
return RValue::get(Carry); return RValue::get(Carry);
} }
case Builtin::BI__builtin_addressof: case Builtin::BI__builtin_addressof:
return RValue::get(EmitLValue(E->getArg(0)).getPointer(*this)); return RValue::get(EmitLValue(E->getArg(0)).getPointer(*this));
case Builtin::BI__builtin_function_start:
return RValue::get(CGM.GetFunctionStart(
E->getArg(0)->getAsBuiltinConstantDeclRef(CGM.getContext())));
case Builtin::BI__builtin_operator_new: case Builtin::BI__builtin_operator_new:
return EmitBuiltinNewDeleteCall( return EmitBuiltinNewDeleteCall(
E->getCallee()->getType()->castAs<FunctionProtoType>(), E, false); E->getCallee()->getType()->castAs<FunctionProtoType>(), E, false);
case Builtin::BI__builtin_operator_delete: case Builtin::BI__builtin_operator_delete:
return EmitBuiltinNewDeleteCall( return EmitBuiltinNewDeleteCall(
E->getCallee()->getType()->castAs<FunctionProtoType>(), E, true); E->getCallee()->getType()->castAs<FunctionProtoType>(), E, true);
case Builtin::BI__builtin_is_aligned: case Builtin::BI__builtin_is_aligned:
▲ Show 20 LinesShow All 14,429 LinesShow Last 20 Lines

clang/lib/CodeGen/CGExprConstant.cpp

Show First 20 LinesShow All 1,884 Lines▼ Show 20 Lines if (const ValueDecl *D = base.dyn_cast<const ValueDecl*>()) {
// The constant always points to the canonical declaration. We want to look // The constant always points to the canonical declaration. We want to look
// at properties of the most recent declaration at the point of emission. // at properties of the most recent declaration at the point of emission.
D = cast<ValueDecl>(D->getMostRecentDecl()); D = cast<ValueDecl>(D->getMostRecentDecl());
if (D->hasAttr<WeakRefAttr>()) if (D->hasAttr<WeakRefAttr>())
return CGM.GetWeakRefReference(D).getPointer(); return CGM.GetWeakRefReference(D).getPointer();
if (auto FD = dyn_cast<FunctionDecl>(D)) if (auto FD = dyn_cast<FunctionDecl>(D))
return CGM.GetAddrOfFunction(FD); return CGM.GetAddrOfFunction(FD);
nickdesaulniersUnsubmitted
Done
ReplyInline Actions

fix linter warning

nickdesaulniers: fix linter warning
nickdesaulniersUnsubmitted
Done
ReplyInline Actions

Don't use auto here.
https://llvm.org/docs/CodingStandards.html#use-auto-type-deduction-to-make-code-more-readable
It's common when the type is already specified on the RHS of an assignment that's using of the casting operators that's already explicitly specialized with the type.

nickdesaulniers: Don't use `auto` here. https://llvm.org/docs/CodingStandards.html#use-auto-type-deduction-to…
if (auto VD = dyn_cast<VarDecl>(D)) { if (auto VD = dyn_cast<VarDecl>(D)) {
// We can never refer to a variable with local storage. // We can never refer to a variable with local storage.
if (!VD->hasLocalStorage()) { if (!VD->hasLocalStorage()) {
if (VD->isFileVarDecl() || VD->hasExternalStorage()) if (VD->isFileVarDecl() || VD->hasExternalStorage())
return CGM.GetAddrOfGlobalVar(VD); return CGM.GetAddrOfGlobalVar(VD);
if (VD->isLocalVarDecl()) { if (VD->isLocalVarDecl()) {
return CGM.getOrCreateStaticVarDecl( return CGM.getOrCreateStaticVarDecl(
▲ Show 20 LinesShow All 80 Lines▼ Show 20 LinesConstantLValueEmitter::VisitAddrLabelExpr(const AddrLabelExpr *E) {
Ptr = llvm::ConstantExpr::getBitCast(Ptr, Ptr = llvm::ConstantExpr::getBitCast(Ptr,
CGM.getTypes().ConvertType(E->getType())); CGM.getTypes().ConvertType(E->getType()));
return Ptr; return Ptr;
} }
ConstantLValue ConstantLValue
ConstantLValueEmitter::VisitCallExpr(const CallExpr *E) { ConstantLValueEmitter::VisitCallExpr(const CallExpr *E) {
unsigned builtin = E->getBuiltinCallee(); unsigned builtin = E->getBuiltinCallee();
if (builtin == Builtin::BI__builtin_function_start)
return CGM.GetFunctionStart(
E->getArg(0)->getAsBuiltinConstantDeclRef(CGM.getContext()));
if (builtin != Builtin::BI__builtin___CFStringMakeConstantString && if (builtin != Builtin::BI__builtin___CFStringMakeConstantString &&
builtin != Builtin::BI__builtin___NSStringMakeConstantString) builtin != Builtin::BI__builtin___NSStringMakeConstantString)
return nullptr; return nullptr;
auto literal = cast<StringLiteral>(E->getArg(0)->IgnoreParenCasts()); auto literal = cast<StringLiteral>(E->getArg(0)->IgnoreParenCasts());
if (builtin == Builtin::BI__builtin___NSStringMakeConstantString) { if (builtin == Builtin::BI__builtin___NSStringMakeConstantString) {
return CGM.getObjCRuntime().GenerateConstantString(literal); return CGM.getObjCRuntime().GenerateConstantString(literal);
} else { } else {
▲ Show 20 LinesShow All 343 LinesShow Last 20 Lines

clang/lib/CodeGen/CodeGenModule.h

Show First 20 LinesShow All 875 Lines▼ Show 20 Linespublic:
/// Return the address of the given function. If Ty is non-null, then this /// Return the address of the given function. If Ty is non-null, then this
/// function will use the specified type if it has to create it. /// function will use the specified type if it has to create it.
llvm::Constant *GetAddrOfFunction(GlobalDecl GD, llvm::Type *Ty = nullptr, llvm::Constant *GetAddrOfFunction(GlobalDecl GD, llvm::Type *Ty = nullptr,
bool ForVTable = false, bool ForVTable = false,
bool DontDefer = false, bool DontDefer = false,
ForDefinition_t IsForDefinition ForDefinition_t IsForDefinition
= NotForDefinition); = NotForDefinition);
// Return the function body address of the given function.
llvm::Constant *GetFunctionStart(const ValueDecl *Decl);
rjmccallUnsubmitted
Done
ReplyInline Actions

Please make this take the ValueDecl* so that the details of extracting the argument are localized to the builtin-emission code.

rjmccall: Please make this take the `ValueDecl*` so that the details of extracting the argument are…
/// Get the address of the RTTI descriptor for the given type. /// Get the address of the RTTI descriptor for the given type.
llvm::Constant *GetAddrOfRTTIDescriptor(QualType Ty, bool ForEH = false); llvm::Constant *GetAddrOfRTTIDescriptor(QualType Ty, bool ForEH = false);
/// Get the address of a GUID. /// Get the address of a GUID.
ConstantAddress GetAddrOfMSGuidDecl(const MSGuidDecl *GD); ConstantAddress GetAddrOfMSGuidDecl(const MSGuidDecl *GD);
/// Get the address of a template parameter object. /// Get the address of a template parameter object.
ConstantAddress ConstantAddress
▲ Show 20 LinesShow All 744 LinesShow Last 20 Lines

clang/lib/CodeGen/CodeGenModule.cpp

Show First 20 LinesShow All 3,880 Lines▼ Show 20 Lines auto *Handle = getCUDARuntime().getKernelHandle(
cast<llvm::Function>(F->stripPointerCasts()), GD); cast<llvm::Function>(F->stripPointerCasts()), GD);
if (IsForDefinition) if (IsForDefinition)
return F; return F;
return llvm::ConstantExpr::getBitCast(Handle, Ty->getPointerTo()); return llvm::ConstantExpr::getBitCast(Handle, Ty->getPointerTo());
} }
return F; return F;
} }
llvm::Constant *CodeGenModule::GetFunctionStart(const ValueDecl *Decl) {
llvm::GlobalValue *F =
cast<llvm::GlobalValue>(GetAddrOfFunction(Decl)->stripPointerCasts());
return llvm::ConstantExpr::getBitCast(llvm::NoCFIValue::get(F),
llvm::Type::getInt8PtrTy(VMContext));
}
static const FunctionDecl * static const FunctionDecl *
GetRuntimeFunctionDecl(ASTContext &C, StringRef Name) { GetRuntimeFunctionDecl(ASTContext &C, StringRef Name) {
TranslationUnitDecl *TUDecl = C.getTranslationUnitDecl(); TranslationUnitDecl *TUDecl = C.getTranslationUnitDecl();
DeclContext *DC = TranslationUnitDecl::castToDeclContext(TUDecl); DeclContext *DC = TranslationUnitDecl::castToDeclContext(TUDecl);
IdentifierInfo &CII = C.Idents.get(Name); IdentifierInfo &CII = C.Idents.get(Name);
for (const auto *Result : DC->lookup(&CII)) for (const auto *Result : DC->lookup(&CII))
if (const auto *FD = dyn_cast<FunctionDecl>(Result)) if (const auto *FD = dyn_cast<FunctionDecl>(Result))
▲ Show 20 LinesShow All 2,728 LinesShow Last 20 Lines

clang/lib/Sema/SemaChecking.cpp

  • This file is larger than 256 KB, so syntax highlighting is disabled by default.
Show First 20 LinesShow All 189 Lines▼ Show 20 Linesstatic bool SemaBuiltinAddressof(Sema &S, CallExpr *TheCall) {
if (ResultType.isNull()) if (ResultType.isNull())
return true; return true;
TheCall->setArg(0, Arg.get()); TheCall->setArg(0, Arg.get());
TheCall->setType(ResultType); TheCall->setType(ResultType);
return false; return false;
} }
/// Check that the argument to __builtin_function_start is a function.
static bool SemaBuiltinFunctionStart(Sema &S, CallExpr *TheCall) {
rjmccallUnsubmitted
Done
ReplyInline Actions

Please update the function name here.

rjmccall: Please update the function name here.
if (checkArgCount(S, TheCall, 1))
return true;
ExprResult Arg = S.DefaultFunctionArrayLvalueConversion(TheCall->getArg(0));
if (Arg.isInvalid())
return true;
rjmccallUnsubmitted
Done
ReplyInline Actions

Minor style nit: I generally prefer to have these checks that are just self-evidently bailing out if something failed appear right after the call without any intervening lines. Readers can immediately see the connection that way.

rjmccall: Minor style nit: I generally prefer to have these checks that are just self-evidently bailing…
TheCall->setArg(0, Arg.get());
const FunctionDecl *FD = dyn_cast_or_null<FunctionDecl>(
rjmccallUnsubmitted
Not Done
ReplyInline Actions

It would be more general to allow any expression that we can constant-evaluate to a specific function / member function reference. That allows callers to do stuff like __builtin_function_start((int (A::*)() const) &A::x) to resolve overloaded function references.

You should delay this check if the operand is value-dependent.

rjmccall: It would be more general to allow any expression that we can constant-evaluate to a specific…
samitolvanenAuthorUnsubmitted
Not Done
ReplyInline Actions

It would be more general to allow any expression that we can constant-evaluate to a specific function / member function reference. That allows callers to do stuff like __builtin_function_start((int (A::*)() const) &A::x) to resolve overloaded function references.

I looked into using Expr::EvaluateAsConstantExpr here and while it works, I'm not sure if allowing arbitrary expressions as the argument provides any value. We can allow resolving overloaded function references without constant-evaluating the expression (and I added tests for this). Did you have any other use cases in mind where this might be useful?

samitolvanen: > It would be more general to allow any expression that we can constant-evaluate to a specific…
rjmccallUnsubmitted
Not Done
ReplyInline Actions

I don't see what the advantage of limiting the constant expression would be if we can constant-evaluate it. switch doesn't force you to make case values be integer literals and/or references to enumerators. What are you trying to achieve with a restriction?

Not having arbitrary restrictions is particularly useful in C++, where templates and constexpr machinery can usefully do a lot of abstraction.

rjmccall: I don't see what the advantage of limiting the constant expression would be if we can constant…
samitolvanenAuthorUnsubmitted
Not Done
ReplyInline Actions

I don't see what the advantage of limiting the constant expression would be if we can constant-evaluate it. switch doesn't force you to make case values be integer literals and/or references to enumerators. What are you trying to achieve with a restriction?

I'm trying to understand the benefit of allowing arbitrary expressions like __builtin_function_start(100 + a), which EvaluateAsConstantExpr is happy to evaluate into a reference to a.

I can obviously understand why these should be allowed for switch, but here we have a function whose sole purpose is to return the address of a function and I'm wondering why someone would want pass anything more complicated to it.

Not having arbitrary restrictions is particularly useful in C++, where templates and constexpr machinery can usefully do a lot of abstraction.

Perhaps I'm just not that familiar with the C++ use cases here. Would you be able to provide me an example I could use as a test case?

samitolvanen: > I don't see what the advantage of limiting the constant expression would be if we can…
rjmccallUnsubmitted
Not Done
ReplyInline Actions

I can obviously understand why these should be allowed for switch, but here we have a function whose sole purpose is to return the address of a function and I'm wondering why someone would want pass anything more complicated to it.

The idea is that you might have a complicated way of picking which function you mean. I agree that this should probably disallow non-zero offsets.

Perhaps I'm just not that familiar with the C++ use cases here. Would you be able to provide me an example I could use as a test case?

A simple example: fn after constexpr void (*fn)() = &foo;.

rjmccall: > I can obviously understand why these should be allowed for switch, but here we have a…
samitolvanenAuthorUnsubmitted
Not Done
ReplyInline Actions

Perhaps I'm just not that familiar with the C++ use cases here. Would you be able to provide me an example I could use as a test case?

A simple example: fn after constexpr void (*fn)() = &foo;.

Thanks for the example. So, something like this should also work?

$ cat test.cc 
void a() {}
constexpr void (*fn)() = &a;
const void *p = __builtin_function_start(fn);

Looking at what happens after we evaluate the expression, APValue is an l-value containing a VarDecl:

VarDecl 0xe3427a8 <test.cc:2:1, col:27> col:18 referenced fn 'void (*const)()' constexpr cinit

Which means I have to look at VarDecl::getEvaluatedValue if I want to get the function declaration. Or should the evaluation in this case produce a FunctionDecl directly?

samitolvanen: > > Perhaps I'm just not that familiar with the C++ use cases here. Would you be able to…
Arg.get()->getAsBuiltinConstantDeclRef(S.getASTContext()));
if (!FD) {
S.Diag(TheCall->getBeginLoc(), diag::err_function_start_invalid_type)
<< TheCall->getSourceRange();
return true;
}
return !S.checkAddressOfFunctionIsAvailable(FD, /*Complain=*/true,
TheCall->getBeginLoc());
}
/// Check the number of arguments and set the result type to /// Check the number of arguments and set the result type to
rjmccallUnsubmitted
Not Done
ReplyInline Actions

I think we decided that the result type should be void*. Are there other semantic checks from CheckAddressOfOperand that still meaningfully apply?

rjmccall: I think we decided that the result type should be `void*`. Are there other semantic checks…
samitolvanenAuthorUnsubmitted
Not Done
ReplyInline Actions

I thought Sema::checkAddressOfFunctionIsAvailable would be useful.

samitolvanen: I thought `Sema::checkAddressOfFunctionIsAvailable` would be useful.
/// the argument type. /// the argument type.
static bool SemaBuiltinPreserveAI(Sema &S, CallExpr *TheCall) { static bool SemaBuiltinPreserveAI(Sema &S, CallExpr *TheCall) {
if (checkArgCount(S, TheCall, 1)) if (checkArgCount(S, TheCall, 1))
return true; return true;
TheCall->setType(TheCall->getArg(0)->getType()); TheCall->setType(TheCall->getArg(0)->getType());
return false; return false;
} }
▲ Show 20 LinesShow All 1,706 Lines▼ Show 20 Lines#include "clang/Basic/Builtins.def"
case Builtin::BI__builtin_annotation: case Builtin::BI__builtin_annotation:
if (SemaBuiltinAnnotation(*this, TheCall)) if (SemaBuiltinAnnotation(*this, TheCall))
return ExprError(); return ExprError();
break; break;
case Builtin::BI__builtin_addressof: case Builtin::BI__builtin_addressof:
if (SemaBuiltinAddressof(*this, TheCall)) if (SemaBuiltinAddressof(*this, TheCall))
return ExprError(); return ExprError();
break; break;
case Builtin::BI__builtin_function_start:
if (SemaBuiltinFunctionStart(*this, TheCall))
return ExprError();
break;
case Builtin::BI__builtin_is_aligned: case Builtin::BI__builtin_is_aligned:
case Builtin::BI__builtin_align_up: case Builtin::BI__builtin_align_up:
case Builtin::BI__builtin_align_down: case Builtin::BI__builtin_align_down:
if (SemaBuiltinAlignment(*this, TheCall, BuiltinID)) if (SemaBuiltinAlignment(*this, TheCall, BuiltinID))
return ExprError(); return ExprError();
break; break;
case Builtin::BI__builtin_add_overflow: case Builtin::BI__builtin_add_overflow:
case Builtin::BI__builtin_sub_overflow: case Builtin::BI__builtin_sub_overflow:
▲ Show 20 LinesShow All 15,247 LinesShow Last 20 Lines

clang/lib/StaticAnalyzer/Checkers/BuiltinFunctionChecker.cpp

Show First 20 LinesShow All 60 Lines▼ Show 20 Lines case Builtin::BI__builtin_assume: {
C.addTransition(state); C.addTransition(state);
return true; return true;
} }
case Builtin::BI__builtin_unpredictable: case Builtin::BI__builtin_unpredictable:
case Builtin::BI__builtin_expect: case Builtin::BI__builtin_expect:
case Builtin::BI__builtin_expect_with_probability: case Builtin::BI__builtin_expect_with_probability:
case Builtin::BI__builtin_assume_aligned: case Builtin::BI__builtin_assume_aligned:
case Builtin::BI__builtin_addressof: { case Builtin::BI__builtin_addressof:
case Builtin::BI__builtin_function_start: {
// For __builtin_unpredictable, __builtin_expect, // For __builtin_unpredictable, __builtin_expect,
// __builtin_expect_with_probability and __builtin_assume_aligned, // __builtin_expect_with_probability and __builtin_assume_aligned,
// just return the value of the subexpression. // just return the value of the subexpression.
// __builtin_addressof is going from a reference to a pointer, but those // __builtin_addressof is going from a reference to a pointer, but those
// are represented the same way in the analyzer. // are represented the same way in the analyzer.
assert (Call.getNumArgs() > 0); assert (Call.getNumArgs() > 0);
SVal Arg = Call.getArgSVal(0); SVal Arg = Call.getArgSVal(0);
C.addTransition(state->BindExpr(CE, LCtx, Arg)); C.addTransition(state->BindExpr(CE, LCtx, Arg));
▲ Show 20 LinesShow All 61 LinesShow Last 20 Lines

clang/test/CodeGen/builtin-function-start.cpp

  • This file was added.
// RUN: %clang_cc1 -triple x86_64-unknown-linux-gnu -emit-llvm -fsanitize=cfi-icall -o - %s | FileCheck %s
#if !__has_builtin(__builtin_function_start)
#error "missing __builtin_function_start"
#endif
void a(void) {}
// CHECK: @e = global i8* bitcast (void ()* no_cfi @_Z1av to i8*)
const void *e = __builtin_function_start(a);
constexpr void (*d)() = &a;
// CHECK: @f = global i8* bitcast (void ()* no_cfi @_Z1av to i8*)
const void *f = __builtin_function_start(d);
void b(void) {}
// CHECK: @g = global [2 x i8*] [i8* bitcast (void ()* @_Z1bv to i8*), i8* bitcast (void ()* no_cfi @_Z1bv to i8*)]
void *g[] = {(void *)b, __builtin_function_start(b)};
void c(void *p) {}
class A {
public:
void f();
virtual void g();
static void h();
int i() const;
int i(int n) const;
};
void A::f() {}
void A::g() {}
void A::h() {}
// CHECK: define {{.*}}i32 @_ZNK1A1iEv(%class.A* {{.*}}%this)
int A::i() const { return 0; }
// CHECK: define {{.*}}i32 @_ZNK1A1iEi(%class.A* {{.*}}%this, i32 %n)
int A::i(int n) const { return 0; }
void h(void) {
// CHECK: store i8* bitcast (void ()* no_cfi @_Z1bv to i8*), i8** %g
void *g = __builtin_function_start(b);
// CHECK: call void @_Z1cPv(i8* bitcast (void ()* no_cfi @_Z1av to i8*))
c(__builtin_function_start(a));
// CHECK: store i8* bitcast (void (%class.A*)* no_cfi @_ZN1A1fEv to i8*), i8** %Af
void *Af = __builtin_function_start(&A::f);
// CHECK: store i8* bitcast (void (%class.A*)* no_cfi @_ZN1A1gEv to i8*), i8** %Ag
void *Ag = __builtin_function_start(&A::g);
// CHECK: store i8* bitcast (void ()* no_cfi @_ZN1A1hEv to i8*), i8** %Ah
void *Ah = __builtin_function_start(&A::h);
// CHECK: store i8* bitcast (i32 (%class.A*)* no_cfi @_ZNK1A1iEv to i8*), i8** %Ai1
void *Ai1 = __builtin_function_start((int(A::*)() const) & A::i);
// CHECK: store i8* bitcast (i32 (%class.A*, i32)* no_cfi @_ZNK1A1iEi to i8*), i8** %Ai2
void *Ai2 = __builtin_function_start((int(A::*)(int) const) & A::i);
}

clang/test/SemaCXX/builtins.cpp

Show All 33 Linesnamespace addressof {
static_assert(&pt->n == &t.n, ""); static_assert(&pt->n == &t.n, "");
struct U { int n : 5; } u; struct U { int n : 5; } u;
int *pbf = __builtin_addressof(u.n); // expected-error {{address of bit-field requested}} int *pbf = __builtin_addressof(u.n); // expected-error {{address of bit-field requested}}
S *ptmp = __builtin_addressof(S{}); // expected-error {{taking the address of a temporary}} S *ptmp = __builtin_addressof(S{}); // expected-error {{taking the address of a temporary}}
} }
namespace function_start {
void a(void) {}
int n;
pccUnsubmitted
Done
ReplyInline Actions

I don't think this should always evaluate to true, should it? Maybe we should forbid these types of comparisons in integral constant expressions?

pcc: I don't think this should always evaluate to true, should it? Maybe we should forbid these…
void *p = __builtin_function_start(n); // expected-error {{argument must be a function}}
static_assert(__builtin_function_start(a) == a, ""); // expected-error {{static_assert expression is not an integral constant expression}}
} // namespace function_start
void no_ms_builtins() { void no_ms_builtins() {
__assume(1); // expected-error {{use of undeclared}} __assume(1); // expected-error {{use of undeclared}}
__noop(1); // expected-error {{use of undeclared}} __noop(1); // expected-error {{use of undeclared}}
__debugbreak(); // expected-error {{use of undeclared}} __debugbreak(); // expected-error {{use of undeclared}}
} }
struct FILE; struct FILE;
extern "C" int vfprintf(FILE *__restrict, const char *__restrict, extern "C" int vfprintf(FILE *__restrict, const char *__restrict,
▲ Show 20 LinesShow All 106 LinesShow Last 20 Lines