diff --git a/clang/include/clang/AST/Decl.h b/clang/include/clang/AST/Decl.h --- a/clang/include/clang/AST/Decl.h +++ b/clang/include/clang/AST/Decl.h @@ -4051,6 +4051,12 @@ RecordDeclBits.ParamDestroyedInCallee = V; } + bool isRandomized() const { return RecordDeclBits.IsRandomized; } + + void setIsRandomized(bool V) { RecordDeclBits.IsRandomized = V; } + + void reorderFields(const SmallVectorImpl &Fields); + /// Determines whether this declaration represents the /// injected class name. /// diff --git a/clang/include/clang/AST/DeclBase.h b/clang/include/clang/AST/DeclBase.h --- a/clang/include/clang/AST/DeclBase.h +++ b/clang/include/clang/AST/DeclBase.h @@ -313,6 +313,7 @@ friend class ASTReader; friend class CXXClassMemberWrapper; friend class LinkageComputer; + friend class RecordDecl; template friend class Redeclarable; /// Access - Used by C++ decls for the access specifier. @@ -1540,10 +1541,13 @@ /// Represents the way this type is passed to a function. uint64_t ArgPassingRestrictions : 2; + + /// Indicates whether this struct has had its field layout randomized. + uint64_t IsRandomized : 1; }; /// Number of non-inherited bits in RecordDeclBitfields. - enum { NumRecordDeclBits = 14 }; + enum { NumRecordDeclBits = 15 }; /// Stores the bits used by OMPDeclareReductionDecl. /// If modified NumOMPDeclareReductionDeclBits and the accessor diff --git a/clang/include/clang/AST/Randstruct.h b/clang/include/clang/AST/Randstruct.h new file mode 100644 --- /dev/null +++ b/clang/include/clang/AST/Randstruct.h @@ -0,0 +1,40 @@ +//===- Randstruct.h - Interfact for structure randomization -------*- C++ -*-=// +// +// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. +// See https://llvm.org/LICENSE.txt for license information. +// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception +// +//===----------------------------------------------------------------------===// +// +// This file contains the interface for Clang's structure field layout +// randomization. +// +//===----------------------------------------------------------------------===// + +#ifndef LLVM_CLANG_AST_RANDSTRUCT_H +#define LLVM_CLANG_AST_RANDSTRUCT_H + +namespace llvm { +template class ArrayRef; +template class SmallVectorImpl; +class StringRef; +} // end namespace llvm + +namespace clang { + +class ASTContext; +class Decl; +class RecordDecl; + +namespace randstruct { + +using llvm::SmallVectorImpl; + +bool randomizeStructureLayout(const ASTContext &Context, llvm::StringRef Name, + llvm::ArrayRef Fields, + SmallVectorImpl &FinalOrdering); + +} // namespace randstruct +} // namespace clang + +#endif // LLVM_CLANG_AST_RANDSTRUCT_H diff --git a/clang/include/clang/Basic/Attr.td b/clang/include/clang/Basic/Attr.td --- a/clang/include/clang/Basic/Attr.td +++ b/clang/include/clang/Basic/Attr.td @@ -3950,3 +3950,19 @@ let LangOpts = [HLSL]; let Documentation = [NumThreadsDocs]; } + +def RandomizeLayout : InheritableAttr { + let Spellings = [GCC<"randomize_layout">]; + let Subjects = SubjectList<[Record]>; + let Documentation = [ClangRandstructDocs]; + let LangOpts = [COnly]; +} + +// The "no_randomize_layout" attribute isn't added to a Decl. Instead, it's +// used to drop the "randomize_layout" attribute. +def NoRandomizeLayout : InheritableAttr { + let Spellings = [GCC<"no_randomize_layout">]; + let Subjects = SubjectList<[Record]>; + let Documentation = [ClangRandstructDocs]; + let LangOpts = [COnly]; +} diff --git a/clang/include/clang/Basic/AttrDocs.td b/clang/include/clang/Basic/AttrDocs.td --- a/clang/include/clang/Basic/AttrDocs.td +++ b/clang/include/clang/Basic/AttrDocs.td @@ -6379,3 +6379,28 @@ The full documentation is available here: https://docs.microsoft.com/en-us/windows/win32/direct3dhlsl/sm5-attributes-numthreads }]; } + +def ClangRandstructDocs : Documentation { + let Category = DocCatDecl; + let Heading = "randomize_layout, no_randomize_layout"; + let Content = [{ +The attribute ``randomize_layout``, when attached to a C structure, selects it +for structure layout field randomization; a compile-time hardening technique. A +"seed" value, is specified via the ``-frandstruct-seed=`` command line flag. +You can also supply the seed in a file with ``-frandstruct-seed-file=``. +For example: + +.. code-block:: bash + + SEED=`od -A n -t x8 -N 32 /dev/urandom | tr -d ' \n'` + make ... CFLAGS="-frandstruct-seed=$SEED" ... + +The randomization is deterministic based for a given seed, so the entire +program should be compiled with the same seed, but keep the seed safe +otherwise. + +The attribute ``no_randomize_layout``, when attached to a C structure, +instructs the compiler that this structure should not have its field layout +randomized. + }]; +} diff --git a/clang/include/clang/Basic/DiagnosticDriverKinds.td b/clang/include/clang/Basic/DiagnosticDriverKinds.td --- a/clang/include/clang/Basic/DiagnosticDriverKinds.td +++ b/clang/include/clang/Basic/DiagnosticDriverKinds.td @@ -165,6 +165,8 @@ "invalid argument '-mno-amdgpu-ieee' only allowed with relaxed NaN handling">; def err_drv_argument_not_allowed_with : Error< "invalid argument '%0' not allowed with '%1'">; +def err_drv_cannot_open_randstruct_seed_file : Error< + "cannot read randstruct seed file '%0'">; def err_drv_invalid_version_number : Error< "invalid version number in '%0'">; def err_drv_no_linker_llvm_support : Error< diff --git a/clang/include/clang/Basic/DiagnosticSemaKinds.td b/clang/include/clang/Basic/DiagnosticSemaKinds.td --- a/clang/include/clang/Basic/DiagnosticSemaKinds.td +++ b/clang/include/clang/Basic/DiagnosticSemaKinds.td @@ -11571,5 +11571,7 @@ def err_hlsl_numthreads_argument_oor : Error<"argument '%select{X|Y|Z}0' to numthreads attribute cannot exceed %1">; def err_hlsl_numthreads_invalid : Error<"total number of threads cannot exceed %0">; +// Layout randomization warning. +def err_cast_from_randomized_struct : Error< + "casting from randomized structure pointer type %0 to %1">; } // end of sema component. - diff --git a/clang/include/clang/Basic/LangOptions.h b/clang/include/clang/Basic/LangOptions.h --- a/clang/include/clang/Basic/LangOptions.h +++ b/clang/include/clang/Basic/LangOptions.h @@ -445,6 +445,9 @@ /// The default stream kind used for HIP kernel launching. GPUDefaultStreamKind GPUDefaultStream; + /// The seed used by the randomize structure layout feature. + std::string RandstructSeed; + LangOptions(); // Define accessors/mutators for language options of enumeration type. diff --git a/clang/include/clang/Driver/Options.td b/clang/include/clang/Driver/Options.td --- a/clang/include/clang/Driver/Options.td +++ b/clang/include/clang/Driver/Options.td @@ -2119,6 +2119,18 @@ def fmessage_length_EQ : Joined<["-"], "fmessage-length=">, Group, Flags<[CC1Option]>, HelpText<"Format message diagnostics so that they fit within N columns">, MarshallingInfoInt>; +def frandstruct_seed_EQ + : Joined<["-"], "frandstruct-seed=">, + MetaVarName<"">, + Group, + Flags<[CC1Option]>, + HelpText<"The seed used by the randomization structure layout feature">; +def frandstruct_seed_file_EQ + : Joined<["-"], "frandstruct-seed-file=">, + MetaVarName<"">, + Group, + HelpText<"File holding the seed used by the randomization structure layout feature">, + Flags<[CC1Option]>; def fms_compatibility : Flag<["-"], "fms-compatibility">, Group, Flags<[CC1Option, CoreOption]>, HelpText<"Enable full Microsoft Visual C++ compatibility">, MarshallingInfoFlag>; diff --git a/clang/lib/AST/CMakeLists.txt b/clang/lib/AST/CMakeLists.txt --- a/clang/lib/AST/CMakeLists.txt +++ b/clang/lib/AST/CMakeLists.txt @@ -97,6 +97,7 @@ ParentMap.cpp PrintfFormatString.cpp QualTypeNames.cpp + Randstruct.cpp RawCommentList.cpp RecordLayout.cpp RecordLayoutBuilder.cpp diff --git a/clang/lib/AST/Decl.cpp b/clang/lib/AST/Decl.cpp --- a/clang/lib/AST/Decl.cpp +++ b/clang/lib/AST/Decl.cpp @@ -30,6 +30,7 @@ #include "clang/AST/ODRHash.h" #include "clang/AST/PrettyDeclStackTrace.h" #include "clang/AST/PrettyPrinter.h" +#include "clang/AST/Randstruct.h" #include "clang/AST/Redeclarable.h" #include "clang/AST/Stmt.h" #include "clang/AST/TemplateBase.h" @@ -4582,6 +4583,7 @@ setHasNonTrivialToPrimitiveCopyCUnion(false); setParamDestroyedInCallee(false); setArgPassingRestrictions(APK_CanPassInRegs); + setIsRandomized(false); } RecordDecl *RecordDecl::Create(const ASTContext &C, TagKind TK, DeclContext *DC, @@ -4665,6 +4667,12 @@ return hasAttr() || C.getLangOpts().MSBitfields == 1; } +void RecordDecl::reorderFields(const SmallVectorImpl &Fields) { + std::tie(FirstDecl, LastDecl) = DeclContext::BuildDeclChain(Fields, false); + LastDecl->NextInContextAndBits.setPointer(nullptr); + setIsRandomized(true); +} + void RecordDecl::LoadFieldsFromExternalStorage() const { ExternalASTSource *Source = getASTContext().getExternalSource(); assert(hasExternalLexicalStorage() && Source && "No external storage?"); diff --git a/clang/lib/AST/Randstruct.cpp b/clang/lib/AST/Randstruct.cpp new file mode 100644 --- /dev/null +++ b/clang/lib/AST/Randstruct.cpp @@ -0,0 +1,223 @@ +//===--- Randstruct.cpp ---------------------------------------------------===// +// +// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. +// See https://llvm.org/LICENSE.txt for license information. +// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception +// +//===----------------------------------------------------------------------===// +// +// This file contains the implementation for Clang's structure field layout +// randomization. +// +//===----------------------------------------------------------------------===// + +#include "clang/AST/Randstruct.h" +#include "clang/AST/ASTContext.h" +#include "clang/AST/ASTDiagnostic.h" +#include "clang/AST/Attr.h" +#include "clang/Basic/Diagnostic.h" +#include "llvm/ADT/SmallVector.h" + +#include +#include +#include +#include +#include + +using clang::ASTContext; +using clang::FieldDecl; +using llvm::SmallVector; + +namespace { + +// FIXME: Replace this with some discovery once that mechanism exists. +enum { CACHE_LINE = 64 }; + +// The Bucket class holds the struct fields we're trying to fill to a +// cache-line. +class Bucket { + SmallVector Fields; + int Size = 0; + +public: + virtual ~Bucket() = default; + + SmallVector &fields() { return Fields; } + void addField(FieldDecl *Field, int FieldSize); + virtual bool canFit(int FieldSize) const { + return Size + FieldSize <= CACHE_LINE; + } + virtual bool isBitfieldRun() const { return false; } + bool full() const { return Size >= CACHE_LINE; } +}; + +void Bucket::addField(FieldDecl *Field, int FieldSize) { + Size += FieldSize; + Fields.push_back(Field); +} + +struct BitfieldRunBucket : public Bucket { + bool canFit(int FieldSize) const override { return true; } + bool isBitfieldRun() const override { return true; } +}; + +void randomizeStructureLayoutImpl(const ASTContext &Context, + llvm::SmallVectorImpl &FieldsOut, + std::mt19937 &RNG) { + // All of the Buckets produced by best-effort cache-line algorithm. + SmallVector, 16> Buckets; + + // The current bucket of fields that we are trying to fill to a cache-line. + std::unique_ptr CurrentBucket = nullptr; + + // The current bucket containing the run of adjacent bitfields to ensure they + // remain adjacent. + std::unique_ptr CurrentBitfieldRun = nullptr; + + // Tracks the number of fields that we failed to fit to the current bucket, + // and thus still need to be added later. + size_t Skipped = 0; + + while (!FieldsOut.empty()) { + // If we've Skipped more fields than we have remaining to place, that means + // that they can't fit in our current bucket, and we need to start a new + // one. + if (Skipped >= FieldsOut.size()) { + Skipped = 0; + Buckets.push_back(std::move(CurrentBucket)); + } + + // Take the first field that needs to be put in a bucket. + auto FieldIter = FieldsOut.begin(); + FieldDecl *FD = *FieldIter; + + if (FD->isBitField() && !FD->isZeroLengthBitField(Context)) { + // Start a bitfield run if this is the first bitfield we have found. + if (!CurrentBitfieldRun) + CurrentBitfieldRun = std::make_unique(); + + // We've placed the field, and can remove it from the "awaiting Buckets" + // vector called "Fields." + CurrentBitfieldRun->addField(FD, /*FieldSize is irrelevant here*/ 1); + FieldsOut.erase(FieldIter); + continue; + } + + // Else, current field is not a bitfield. If we were previously in a + // bitfield run, end it. + if (CurrentBitfieldRun) + Buckets.push_back(std::move(CurrentBitfieldRun)); + + // If we don't have a bucket, make one. + if (!CurrentBucket) + CurrentBucket = std::make_unique(); + + uint64_t Width = Context.getTypeInfo(FD->getType()).Width; + if (Width >= CACHE_LINE) { + std::unique_ptr OverSized = std::make_unique(); + OverSized->addField(FD, Width); + FieldsOut.erase(FieldIter); + Buckets.push_back(std::move(OverSized)); + continue; + } + + // If it fits, add it. + if (CurrentBucket->canFit(Width)) { + CurrentBucket->addField(FD, Width); + FieldsOut.erase(FieldIter); + + // If it's now full, tie off the bucket. + if (CurrentBucket->full()) { + Skipped = 0; + Buckets.push_back(std::move(CurrentBucket)); + } + } else { + // We can't fit it in our current bucket. Move to the end for processing + // later. + ++Skipped; // Mark it skipped. + FieldsOut.push_back(FD); + FieldsOut.erase(FieldIter); + } + } + + // Done processing the fields awaiting a bucket. + + // If we were filling a bucket, tie it off. + if (CurrentBucket) + Buckets.push_back(std::move(CurrentBucket)); + + // If we were processing a bitfield run bucket, tie it off. + if (CurrentBitfieldRun) + Buckets.push_back(std::move(CurrentBitfieldRun)); + + std::shuffle(std::begin(Buckets), std::end(Buckets), RNG); + + // Produce the new ordering of the elements from the Buckets. + SmallVector FinalOrder; + for (const std::unique_ptr &B : Buckets) { + llvm::SmallVectorImpl &RandFields = B->fields(); + if (!B->isBitfieldRun()) + std::shuffle(std::begin(RandFields), std::end(RandFields), RNG); + + FinalOrder.insert(FinalOrder.end(), RandFields.begin(), RandFields.end()); + } + + FieldsOut = FinalOrder; +} + +} // anonymous namespace + +namespace clang { +namespace randstruct { + +bool randomizeStructureLayout(const ASTContext &Context, StringRef Name, + ArrayRef Fields, + SmallVectorImpl &FinalOrdering) { + SmallVector RandomizedFields; + + unsigned TotalNumFields = 0; + for (Decl *D : Fields) { + ++TotalNumFields; + if (auto *FD = dyn_cast(D)) + RandomizedFields.push_back(FD); + else + FinalOrdering.push_back(D); + } + + if (RandomizedFields.empty()) + return false; + + // Struct might end with a variable-length array or an array of size 0 or 1, + // in which case we don't want to randomize it. + FieldDecl *VLA = nullptr; + const auto *CA = + dyn_cast(RandomizedFields.back()->getType()); + if ((CA && (CA->getSize().sle(2) || CA->isIncompleteArrayType())) || + llvm::any_of(Fields, [](Decl *D) { + if (const FieldDecl *FD = dyn_cast(D)) { + const Type *FDTy = FD->getType().getTypePtr(); + if (const RecordType *FDTTy = FDTy->getAs()) + return FDTTy->getDecl()->hasFlexibleArrayMember(); + } + return false; + })) + VLA = RandomizedFields.pop_back_val(); + + std::string Seed = (Context.getLangOpts().RandstructSeed + Name).str(); + std::seed_seq SeedSeq(Seed.begin(), Seed.end()); + std::mt19937 RNG(SeedSeq); + + randomizeStructureLayoutImpl(Context, RandomizedFields, RNG); + if (VLA) + RandomizedFields.push_back(VLA); + + FinalOrdering.insert(FinalOrdering.end(), RandomizedFields.begin(), + RandomizedFields.end()); + + assert(TotalNumFields == FinalOrdering.size() && + "Decl count has been altered after Randstruct randomization!"); + return true; +} + +} // end namespace randstruct +} // end namespace clang diff --git a/clang/lib/Driver/ToolChains/Clang.cpp b/clang/lib/Driver/ToolChains/Clang.cpp --- a/clang/lib/Driver/ToolChains/Clang.cpp +++ b/clang/lib/Driver/ToolChains/Clang.cpp @@ -5902,6 +5902,14 @@ CmdArgs.push_back( Args.MakeArgString("-fmessage-length=" + Twine(MessageLength))); + if (Arg *A = Args.getLastArg(options::OPT_frandstruct_seed_EQ)) + CmdArgs.push_back( + Args.MakeArgString("-frandstruct-seed=" + Twine(A->getValue(0)))); + + if (Arg *A = Args.getLastArg(options::OPT_frandstruct_seed_file_EQ)) + CmdArgs.push_back( + Args.MakeArgString("-frandstruct-seed-file=" + Twine(A->getValue(0)))); + // -fvisibility= and -fvisibility-ms-compat are of a piece. if (const Arg *A = Args.getLastArg(options::OPT_fvisibility_EQ, options::OPT_fvisibility_ms_compat)) { diff --git a/clang/lib/Frontend/CompilerInvocation.cpp b/clang/lib/Frontend/CompilerInvocation.cpp --- a/clang/lib/Frontend/CompilerInvocation.cpp +++ b/clang/lib/Frontend/CompilerInvocation.cpp @@ -94,6 +94,7 @@ #include #include #include +#include #include #include #include @@ -3663,6 +3664,9 @@ for (const auto &MP : Opts.MacroPrefixMap) GenerateArg(Args, OPT_fmacro_prefix_map_EQ, MP.first + "=" + MP.second, SA); + + if (!Opts.RandstructSeed.empty()) + GenerateArg(Args, OPT_frandstruct_seed_EQ, Opts.RandstructSeed, SA); } bool CompilerInvocation::ParseLangArgs(LangOptions &Opts, ArgList &Args, @@ -4215,6 +4219,19 @@ Diags.Report(diag::err_cc1_unbounded_vscale_min); } + if (const Arg *A = Args.getLastArg(OPT_frandstruct_seed_file_EQ)) { + std::ifstream SeedFile(A->getValue(0)); + + if (!SeedFile.is_open()) + Diags.Report(diag::err_drv_cannot_open_randstruct_seed_file) + << A->getValue(0); + + std::getline(SeedFile, Opts.RandstructSeed); + } + + if (const Arg *A = Args.getLastArg(OPT_frandstruct_seed_EQ)) + Opts.RandstructSeed = A->getValue(0); + return Diags.getNumErrors() == NumErrorsBefore; } diff --git a/clang/lib/Sema/SemaCast.cpp b/clang/lib/Sema/SemaCast.cpp --- a/clang/lib/Sema/SemaCast.cpp +++ b/clang/lib/Sema/SemaCast.cpp @@ -3129,6 +3129,23 @@ Self.Diag(OpRange.getBegin(), diag::warn_cast_function_type) << SrcType << DestType << OpRange; + if (isa(SrcType) && isa(DestType)) { + QualType SrcTy = cast(SrcType)->getPointeeType(); + QualType DestTy = cast(DestType)->getPointeeType(); + + const RecordDecl *SrcRD = SrcTy->getAsRecordDecl(); + const RecordDecl *DestRD = DestTy->getAsRecordDecl(); + + if (SrcRD && DestRD && SrcRD != DestRD && + SrcRD->hasAttr()) { + // The struct we are casting the pointer from was randomized. + Self.Diag(OpRange.getBegin(), diag::err_cast_from_randomized_struct) + << SrcTy << DestTy; + SrcExpr = ExprError(); + return; + } + } + DiagnoseCastOfObjCSEL(Self, SrcExpr, DestType); DiagnoseCallingConvCast(Self, SrcExpr, DestType, OpRange); DiagnoseBadFunctionCast(Self, SrcExpr, DestType); diff --git a/clang/lib/Sema/SemaDecl.cpp b/clang/lib/Sema/SemaDecl.cpp --- a/clang/lib/Sema/SemaDecl.cpp +++ b/clang/lib/Sema/SemaDecl.cpp @@ -24,6 +24,7 @@ #include "clang/AST/Expr.h" #include "clang/AST/ExprCXX.h" #include "clang/AST/NonTrivialTypeVisitor.h" +#include "clang/AST/Randstruct.h" #include "clang/AST/StmtCXX.h" #include "clang/Basic/Builtins.h" #include "clang/Basic/PartialDiagnostic.h" @@ -17808,6 +17809,18 @@ // Handle attributes before checking the layout. ProcessDeclAttributeList(S, Record, Attrs); + // Maybe randomize the field order. + if (!getLangOpts().CPlusPlus && !Record->isUnion() && + Record->hasAttr() && + !getLangOpts().RandstructSeed.empty()) { + SmallVector OrigFieldOrdering(Record->fields()); + SmallVector NewFieldOrdering; + if (randstruct::randomizeStructureLayout( + Context, Record->getNameAsString(), OrigFieldOrdering, + NewFieldOrdering)) + Record->reorderFields(NewFieldOrdering); + } + // We may have deferred checking for a deleted destructor. Check now. if (CXXRecord) { auto *Dtor = CXXRecord->getDestructor(); diff --git a/clang/lib/Sema/SemaDeclAttr.cpp b/clang/lib/Sema/SemaDeclAttr.cpp --- a/clang/lib/Sema/SemaDeclAttr.cpp +++ b/clang/lib/Sema/SemaDeclAttr.cpp @@ -8620,6 +8620,13 @@ case ParsedAttr::AT_Section: handleSectionAttr(S, D, AL); break; + case ParsedAttr::AT_RandomizeLayout: + handleSimpleAttribute(S, D, AL); + break; + case ParsedAttr::AT_NoRandomizeLayout: + // Drop the "randomize_layout" attribute if it's on the decl. + D->dropAttr(); + break; case ParsedAttr::AT_CodeSeg: handleCodeSegAttr(S, D, AL); break; diff --git a/clang/test/Misc/pragma-attribute-supported-attributes-list.test b/clang/test/Misc/pragma-attribute-supported-attributes-list.test --- a/clang/test/Misc/pragma-attribute-supported-attributes-list.test +++ b/clang/test/Misc/pragma-attribute-supported-attributes-list.test @@ -104,6 +104,7 @@ // CHECK-NEXT: NoMicroMips (SubjectMatchRule_function) // CHECK-NEXT: NoMips16 (SubjectMatchRule_function) // CHECK-NEXT: NoProfileFunction (SubjectMatchRule_function) +// CHECK-NEXT: NoRandomizeLayout (SubjectMatchRule_record) // CHECK-NEXT: NoSanitize (SubjectMatchRule_function, SubjectMatchRule_objc_method, SubjectMatchRule_variable_is_global) // CHECK-NEXT: NoSanitizeSpecific (SubjectMatchRule_function, SubjectMatchRule_variable_is_global) // CHECK-NEXT: NoSpeculativeLoadHardening (SubjectMatchRule_function, SubjectMatchRule_objc_method) @@ -148,6 +149,7 @@ // CHECK-NEXT: PassObjectSize (SubjectMatchRule_variable_is_parameter) // CHECK-NEXT: PatchableFunctionEntry (SubjectMatchRule_function, SubjectMatchRule_objc_method) // CHECK-NEXT: Pointer (SubjectMatchRule_record_not_is_union) +// CHECK-NEXT: RandomizeLayout (SubjectMatchRule_record) // CHECK-NEXT: ReleaseHandle (SubjectMatchRule_variable_is_parameter) // CHECK-NEXT: RenderScriptKernel (SubjectMatchRule_function) // CHECK-NEXT: ReqdWorkGroupSize (SubjectMatchRule_function) diff --git a/clang/unittests/AST/CMakeLists.txt b/clang/unittests/AST/CMakeLists.txt --- a/clang/unittests/AST/CMakeLists.txt +++ b/clang/unittests/AST/CMakeLists.txt @@ -25,6 +25,7 @@ EvaluateAsRValueTest.cpp ExternalASTSourceTest.cpp NamedDeclPrinterTest.cpp + RandstructTest.cpp RecursiveASTVisitorTest.cpp SizelessTypesTest.cpp SourceLocationTest.cpp diff --git a/clang/unittests/AST/RandstructTest.cpp b/clang/unittests/AST/RandstructTest.cpp new file mode 100644 --- /dev/null +++ b/clang/unittests/AST/RandstructTest.cpp @@ -0,0 +1,418 @@ +//===- unittest/AST/RandstructTest.cpp ------------------------------------===// +// +// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. +// See https://llvm.org/LICENSE.txt for license information. +// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception +// +//===----------------------------------------------------------------------===// +// +// This file contains tests for Clang's structure field layout randomization. +// +//===----------------------------------------------------------------------===// + +/* + * Build this test suite by running `make ASTTests` in the build folder. + * + * Run this test suite by running the following in the build folder: + * ` ./tools/clang/unittests/AST/ASTTests + * --gtest_filter=StructureLayoutRandomization*` + */ + +#include "clang/AST/Randstruct.h" +#include "gtest/gtest.h" + +#include "DeclMatcher.h" +#include "clang/AST/RecordLayout.h" +#include "clang/ASTMatchers/ASTMatchers.h" +#include "clang/Frontend/ASTUnit.h" +#include "clang/Testing/CommandLineArgs.h" +#include "clang/Tooling/Tooling.h" + +#include + +using namespace clang; +using namespace clang::ast_matchers; +using namespace clang::randstruct; + +using field_names = std::vector; + +namespace { + +std::unique_ptr makeAST(const std::string &SourceCode) { + std::vector Args = getCommandLineArgsForTesting(Lang_C99); + Args.push_back("-frandstruct-seed=1234567890abcdef"); + + std::unique_ptr AST = + tooling::buildASTFromCodeWithArgs(SourceCode, Args); + + EXPECT_FALSE(AST->getDiagnostics().hasErrorOccurred()); + return AST; +} + +RecordDecl *getRecordDeclFromAST(const ASTContext &C, const std::string &Name) { + RecordDecl *RD = FirstDeclMatcher().match( + C.getTranslationUnitDecl(), recordDecl(hasName(Name))); + return RD; +} + +std::vector getFieldNamesFromRecord(const RecordDecl *RD) { + std::vector Fields; + + Fields.reserve(8); + for (auto *Field : RD->fields()) + Fields.push_back(Field->getNameAsString()); + + return Fields; +} + +bool isSubsequence(const field_names &Seq, const field_names &Subseq) { + unsigned SeqLen = Seq.size(); + unsigned SubLen = Subseq.size(); + + bool IsSubseq = false; + for (unsigned I = 0; I < SeqLen; ++I) + if (Seq[I] == Subseq[0]) { + IsSubseq = true; + for (unsigned J = 0; J + I < SeqLen && J < SubLen; ++J) { + if (Seq[J + I] != Subseq[J]) { + IsSubseq = false; + break; + } + } + } + + return IsSubseq; +} + +} // end anonymous namespace + +namespace clang { +namespace ast_matchers { + +#define RANDSTRUCT_TEST_SUITE_TEST StructureLayoutRandomizationTestSuiteTest + +TEST(RANDSTRUCT_TEST_SUITE_TEST, CanDetermineIfSubsequenceExists) { + const field_names Seq = {"a", "b", "c", "d"}; + + ASSERT_TRUE(isSubsequence(Seq, {"b", "c"})); + ASSERT_TRUE(isSubsequence(Seq, {"a", "b", "c", "d"})); + ASSERT_TRUE(isSubsequence(Seq, {"b", "c", "d"})); + ASSERT_TRUE(isSubsequence(Seq, {"a"})); + ASSERT_FALSE(isSubsequence(Seq, {"a", "d"})); +} + +#define RANDSTRUCT_TEST StructureLayoutRandomization + +TEST(RANDSTRUCT_TEST, UnmarkedStruct) { + const std::unique_ptr AST = makeAST(R"c( + struct test { + int bacon; + long lettuce; + long long tomato; + float mayonnaise; + }; + )c"); + + const RecordDecl *RD = getRecordDeclFromAST(AST->getASTContext(), "test"); + const field_names Expected = {"bacon", "lettuce", "tomato", "mayonnaise"}; + + ASSERT_FALSE(RD->getAttr()); + ASSERT_FALSE(RD->isRandomized()); + ASSERT_EQ(Expected, getFieldNamesFromRecord(RD)); +} + +TEST(RANDSTRUCT_TEST, MarkedNoRandomize) { + const std::unique_ptr AST = makeAST(R"c( + struct test { + int bacon; + long lettuce; + long long tomato; + float mayonnaise; + } __attribute__((no_randomize_layout)); + )c"); + + const RecordDecl *RD = getRecordDeclFromAST(AST->getASTContext(), "test"); + const field_names Expected = {"bacon", "lettuce", "tomato", "mayonnaise"}; + + ASSERT_FALSE(RD->getAttr()); + ASSERT_EQ(Expected, getFieldNamesFromRecord(RD)); +} + +TEST(RANDSTRUCT_TEST, MarkedRandomize) { + const std::unique_ptr AST = makeAST(R"c( + struct test { + int bacon; + long lettuce; + long long tomato; + float mayonnaise; + } __attribute__((randomize_layout)); + )c"); + + const RecordDecl *RD = getRecordDeclFromAST(AST->getASTContext(), "test"); + const field_names Expected = {"mayonnaise", "bacon", "tomato", "lettuce"}; + + ASSERT_TRUE(RD->getAttr()); + ASSERT_TRUE(RD->isRandomized()); + ASSERT_EQ(Expected, getFieldNamesFromRecord(RD)); +} + +TEST(RANDSTRUCT_TEST, MultipleAttrsNoRandomize) { + const std::unique_ptr AST = makeAST(R"c( + struct test { + int bacon; + long lettuce; + long long tomato; + float mayonnaise; + } __attribute__((randomize_layout)) __attribute__((no_randomize_layout)); + )c"); + + const RecordDecl *RD = getRecordDeclFromAST(AST->getASTContext(), "test"); + const field_names Expected = {"bacon", "lettuce", "tomato", "mayonnaise"}; + + ASSERT_FALSE(RD->getAttr()); + ASSERT_EQ(Expected, getFieldNamesFromRecord(RD)); +} + +TEST(RANDSTRUCT_TEST, MultipleAttrsRandomize) { + const std::unique_ptr AST = makeAST(R"c( + struct test { + int bacon; + long lettuce; + long long tomato; + float mayonnaise; + } __attribute__((no_randomize_layout)) __attribute__((randomize_layout)); + )c"); + + const RecordDecl *RD = getRecordDeclFromAST(AST->getASTContext(), "test"); + const field_names Expected = {"mayonnaise", "bacon", "tomato", "lettuce"}; + + ASSERT_TRUE(RD->getAttr()); + ASSERT_EQ(Expected, getFieldNamesFromRecord(RD)); +} + +// FIXME: Clang trips an assertion in the DiagnosticsEngine when the warning is +// emitted while running under the test suite: +// clang/lib/Frontend/TextDiagnosticPrinter.cpp:150: virtual void +// clang::TextDiagnosticPrinter::HandleDiagnostic(clang::DiagnosticsEngine::Level, +// const clang::Diagnostic&): Assertion `TextDiag && "UnExpected diagnostic +// outside source file processing"' failed. +// +// Although the test *technically* is marked as pass; outside of the test suite +// this functionality works and no assertion is tripped. +TEST( + RANDSTRUCT_TEST, + DISABLED_EmitWarningWhenStructureIsMarkedWithBothRandomizeAndNoRandomizeAttributes) { + const std::unique_ptr AST = makeAST(R"c( + struct test_struct { + int a; + int b; + int c; + } __attribute__((no_randomize_layout)) __attribute__((randomize_layout)); + )c"); + + ASSERT_EQ(AST->getASTContext().getDiagnostics().getNumWarnings(), 1UL); +} + +// End of FIXME regarding DiagnosticsEngine assertion tests. + +TEST(RANDSTRUCT_TEST, CheckAdjacentBitfieldsRemainAdjacentAfterRandomization) { + const std::unique_ptr AST = makeAST(R"c( + struct test { + int a; + int b; + int x : 1; + int y : 1; + int z : 1; + int c; + } __attribute__((randomize_layout)); + )c"); + + const RecordDecl *RD = getRecordDeclFromAST(AST->getASTContext(), "test"); + + const field_names Expected = {"c", "x", "y", "z", "b", "a"}; + const field_names Subseq = {"x", "y", "z"}; + const field_names Actual = getFieldNamesFromRecord(RD); + + ASSERT_TRUE(isSubsequence(Actual, Subseq)); + ASSERT_EQ(Expected, Actual); +} + +TEST(RANDSTRUCT_TEST, CheckVariableLengthArrayMemberRemainsAtEndOfStructure) { + const std::unique_ptr AST = makeAST(R"c( + struct test { + int a; + double b; + short c; + char name[]; + } __attribute__((randomize_layout)); + )c"); + + const RecordDecl *RD = getRecordDeclFromAST(AST->getASTContext(), "test"); + const field_names Expected = {"b", "c", "a", "name"}; + + ASSERT_EQ(Expected, getFieldNamesFromRecord(RD)); +} + +TEST(RANDSTRUCT_TEST, RandstructDoesNotOverrideThePackedAttr) { + const std::unique_ptr AST = makeAST(R"c( + struct test_struct { + char a; + float b[3]; + short c; + int d; + } __attribute__((packed, randomize_layout)); + + struct another_struct { + char a; + char b[5]; + int c; + } __attribute__((packed, randomize_layout)); + + struct last_struct { + char a; + long long b; + int c[]; + } __attribute__((packed, randomize_layout)); + )c"); + + // FIXME (?): calling getASTRecordLayout is probably a necessary evil so that + // Clang's RecordBuilders can actually flesh out the information like + // alignment, etc. + { + const RecordDecl *RD = + getRecordDeclFromAST(AST->getASTContext(), "test_struct"); + const ASTRecordLayout *Layout = + &AST->getASTContext().getASTRecordLayout(RD); + const field_names Expected = {"c", "a", "d", "b"}; + + ASSERT_EQ(19, Layout->getSize().getQuantity()); + ASSERT_EQ(Expected, getFieldNamesFromRecord(RD)); + } + + { + const RecordDecl *RD = + getRecordDeclFromAST(AST->getASTContext(), "another_struct"); + const ASTRecordLayout *Layout = + &AST->getASTContext().getASTRecordLayout(RD); + const field_names Expected = {"c", "a", "b"}; + + ASSERT_EQ(10, Layout->getSize().getQuantity()); + ASSERT_EQ(Expected, getFieldNamesFromRecord(RD)); + } + + { + const RecordDecl *RD = + getRecordDeclFromAST(AST->getASTContext(), "last_struct"); + const ASTRecordLayout *Layout = + &AST->getASTContext().getASTRecordLayout(RD); + const field_names Expected = {"b", "c", "a"}; + + ASSERT_EQ(9, Layout->getSize().getQuantity()); + ASSERT_EQ(Expected, getFieldNamesFromRecord(RD)); + } +} + +TEST(RANDSTRUCT_TEST, ZeroWidthBitfieldsSeparateAllocationUnits) { + const std::unique_ptr AST = makeAST(R"c( + struct test_struct { + int a : 1; + int : 0; + int b : 1; + } __attribute__((randomize_layout)); + )c"); + + const RecordDecl *RD = + getRecordDeclFromAST(AST->getASTContext(), "test_struct"); + const field_names Expected = {"", "a", "b"}; + + ASSERT_EQ(Expected, getFieldNamesFromRecord(RD)); +} + +TEST(RANDSTRUCT_TEST, RandstructDoesNotRandomizeUnionFieldOrder) { + const std::unique_ptr AST = makeAST(R"c( + union test_union { + int a; + int b; + int c; + int d; + int e; + int f; + } __attribute__((randomize_layout)); + )c"); + + const RecordDecl *RD = + getRecordDeclFromAST(AST->getASTContext(), "test_union"); + const field_names Expected = {"a", "b", "c", "d", "e", "f"}; + + ASSERT_FALSE(RD->isRandomized()); + ASSERT_EQ(Expected, getFieldNamesFromRecord(RD)); +} + +TEST(RANDSTRUCT_TEST, AnonymousStructsAndUnionsRetainFieldOrder) { + const std::unique_ptr AST = makeAST(R"c( + struct test_struct { + int a; + struct sub_struct { + int b; + int c; + int d; + int e; + int f; + } __attribute__((randomize_layout)) s; + int f; + struct { + int g; + int h; + int i; + int j; + int k; + }; + int l; + union { + int m; + int n; + int o; + int p; + int q; + }; + int r; + } __attribute__((randomize_layout)); + )c"); + + const RecordDecl *RD = + getRecordDeclFromAST(AST->getASTContext(), "test_struct"); + const field_names Expected = {"f", "a", "l", "", "", "s", "r"}; + + ASSERT_EQ(Expected, getFieldNamesFromRecord(RD)); + + bool AnonStructTested = false; + bool AnonUnionTested = false; + for (const Decl *D : RD->decls()) + if (const FieldDecl *FD = dyn_cast(D)) { + if (const auto *Record = FD->getType()->getAs()) { + RD = Record->getDecl(); + if (RD->isAnonymousStructOrUnion()) { + if (RD->isUnion()) { + const field_names Expected = {"m", "n", "o", "p", "q"}; + + ASSERT_EQ(Expected, getFieldNamesFromRecord(RD)); + AnonUnionTested = true; + } else { + const field_names Expected = {"g", "h", "i", "j", "k"}; + + ASSERT_EQ(Expected, getFieldNamesFromRecord(RD)); + AnonStructTested = true; + } + } else if (RD->isStruct()) { + const field_names Expected = {"d", "e", "f", "c", "b"}; + ASSERT_EQ(Expected, getFieldNamesFromRecord(RD)); + } + } + } + + ASSERT_TRUE(AnonStructTested); + ASSERT_TRUE(AnonUnionTested); +} + +} // namespace ast_matchers +} // namespace clang