This is an archive of the discontinued LLVM Phabricator instance.

Differential D124211

Add __builtin_kcfi_call_unchecked
AbandonedPublic

Authored by samitolvanen on Apr 21 2022, 3:49 PM.

Details

Reviewers
aaron.ballman
pcc
nickdesaulniers
ardb
kees
joaomoreira
Summary

With -fsanitize=kcfi, disabling indirect call checking using
the no_sanitize attribute is not fine-grained enough in cases
where we want to disable checking only for specific calls. The
__builtin_kcfi_call_unchecked builtin accepts an indirect call
expression and emits the call without KCFI type checking.

Depends on D119296

Diff Detail

Event Timeline

samitolvanen created this revision.Apr 21 2022, 3:49 PM
Herald added a project: Restricted Project. · View Herald TranscriptApr 21 2022, 3:49 PM
samitolvanen requested review of this revision.Apr 21 2022, 3:49 PM
Herald added a project: Restricted Project. · View Herald TranscriptApr 21 2022, 3:49 PM
Herald added a subscriber: cfe-commits. · View Herald Transcript
Harbormaster completed remote builds in B160740: Diff 424321.Apr 21 2022, 4:45 PM
nickdesaulniers added a subscriber: rjmccall.Apr 28 2022, 11:09 AM
nickdesaulniers added a comment.Apr 28 2022, 11:20 AM

Can you link to the lore thread on discussions around the builtin?

clang/lib/Sema/SemaChecking.cpp
436

auto *Call =
https://llvm.org/docs/CodingStandards.html#beware-unnecessary-copies-with-auto

451

auto *Builtin =

though I would perhaps not use auto here.

nickdesaulniers added inline comments.Apr 28 2022, 11:33 AM
clang/lib/Sema/SemaChecking.cpp
436

Also, can this simply be a dyn_cast rather than dyn_cast_or_null? Don't you already check the arg count above?

samitolvanen added a comment.Apr 28 2022, 11:33 AM
In D124211#3480652, @nickdesaulniers wrote:

Can you link to the lore thread on discussions around the builtin?

There's no LKML discussion about the built-in, but there were earlier proposals of using an attribute to accomplish the same thing. @pcc suggested using a built-in instead, and the reviewers in D122673 agreed that it's a more appropriate solution. In the kernel, the indirect static_call trampoline calls that are patched into direct calls at boot are the primary reason we need a finer-grained method of disabling CFI checks.

nickdesaulniers added a comment.Apr 28 2022, 11:47 AM
In D124211#3480709, @samitolvanen wrote:
In D124211#3480652, @nickdesaulniers wrote:

Can you link to the lore thread on discussions around the builtin?

There's no LKML discussion about the built-in, but there were earlier proposals of using an attribute to accomplish the same thing. @pcc suggested using a built-in instead, and the reviewers in D122673 agreed that it's a more appropriate solution. In the kernel, the indirect static_call trampoline calls that are patched into direct calls at boot are the primary reason we need a finer-grained method of disabling CFI checks.

Perhaps it's time to start a discussion on LKML then, before landing this?

samitolvanen added a comment.Apr 28 2022, 4:46 PM
In D124211#3480773, @nickdesaulniers wrote:

Perhaps it's time to start a discussion on LKML then, before landing this?

I don't intend to land these patches until there's a consensus on the correct approach from both projects, and I was hoping to get a confirmation that this API looks reasonable from the LLVM side before sending an RFC series to LKML. Since nobody has objected, I suppose there's no reason to delay that.

rjmccall added a comment.Apr 28 2022, 8:10 PM

My only comment about the design is that maybe it should be __builtin_kcfi_call_unchecked, which does not seem like something you need to hold up LKML discussion for.

samitolvanen updated this revision to Diff 426116.Apr 29 2022, 10:53 AM
samitolvanen marked 2 inline comments as done.
  • Renamed the builtin.
  • Addressed Nick's comments.
samitolvanen retitled this revision from Add __builtin_call_kcfi_unchecked to Add __builtin_kcfi_call_unchecked.Apr 29 2022, 10:55 AM
samitolvanen edited the summary of this revision. (Show Details)
nickdesaulniers accepted this revision.Apr 29 2022, 11:06 AM
This revision is now accepted and ready to land.Apr 29 2022, 11:06 AM
Harbormaster completed remote builds in B162035: Diff 426116.Apr 29 2022, 1:12 PM
samitolvanen added a comment.Apr 29 2022, 1:40 PM

LKML RFC: https://lore.kernel.org/lkml/20220429203644.2868448-1-samitolvanen@google.com/

samitolvanen abandoned this revision.May 3 2022, 10:34 AM

OK, I confirmed that we won't need this after all. I'll abandon this patch and revisit if it becomes necessary in future.

Revision Contents

PathSize
clang/
docs/
32 lines
include/
clang/
AST/
4 lines
5 lines
Basic/
1 line
3 lines
lib/
CodeGen/
7 lines
3 lines
Sema/
37 lines
test/
CodeGen/
42 lines
SemaCXX/
29 lines

Diff 426116

clang/docs/LanguageExtensions.rst

Show First 20 LinesShow All 2,326 Lines▼ Show 20 Lines
This builtin returns ``expr`` after checking that ``expr`` is a non-member This builtin returns ``expr`` after checking that ``expr`` is a non-member
static call expression. The call to that expression is made while using ``ptr`` static call expression. The call to that expression is made while using ``ptr``
as a function pointer stored in a dedicated register to implement *static chain* as a function pointer stored in a dedicated register to implement *static chain*
calling convention, as used by some language to implement closures or nested calling convention, as used by some language to implement closures or nested
functions. functions.
Query for this feature with ``__has_builtin(__builtin_call_with_static_chain)``. Query for this feature with ``__has_builtin(__builtin_call_with_static_chain)``.
``__builtin_kcfi_call_unchecked``
------------------------------------
``__builtin_kcfi_call_unchecked`` is used to perform an indirect function call
without :ref:`KCFI<kcfi>` type checking when the program is compiled with
``-fsanitize=kcfi``.
**Syntax**:
.. code-block:: c++
T __builtin_kcfi_call_unchecked(T expr)
**Example of Use**:
.. code-block:: c++
int f1(void) { ... }
int (*p)(void) = f1;
int n;
n = p(); // checked
n = __builtin_kcfi_call_unchecked(p()); // unchecked
**Description**:
This builtin returns ``expr`` after checking that ``expr`` is an indirect call
expression, without emitting type checks for the call.
Query for this feature with ``__has_builtin(__builtin_kcfi_call_unchecked)``.
``__builtin_readcyclecounter`` ``__builtin_readcyclecounter``
------------------------------ ------------------------------
``__builtin_readcyclecounter`` is used to access the cycle counter register (or ``__builtin_readcyclecounter`` is used to access the cycle counter register (or
a similar low-latency, high-accuracy clock) on those targets that support it. a similar low-latency, high-accuracy clock) on those targets that support it.
**Syntax**: **Syntax**:
▲ Show 20 LinesShow All 2,268 LinesShow Last 20 Lines

clang/include/clang/AST/Expr.h

Show First 20 LinesShow All 2,956 Lines▼ Show 20 Linespublic:
} }
void setADLCallKind(ADLCallKind V = UsesADL) { void setADLCallKind(ADLCallKind V = UsesADL) {
CallExprBits.UsesADL = static_cast<bool>(V); CallExprBits.UsesADL = static_cast<bool>(V);
} }
bool usesADL() const { return getADLCallKind() == UsesADL; } bool usesADL() const { return getADLCallKind() == UsesADL; }
bool hasStoredFPFeatures() const { return CallExprBits.HasFPFeatures; } bool hasStoredFPFeatures() const { return CallExprBits.HasFPFeatures; }
void setKCFIUnchecked(bool V = true) { CallExprBits.IsKCFIUnchecked = V; }
bool isKCFIUnchecked() const { return CallExprBits.IsKCFIUnchecked; }
Decl *getCalleeDecl() { return getCallee()->getReferencedDeclOfCallee(); } Decl *getCalleeDecl() { return getCallee()->getReferencedDeclOfCallee(); }
const Decl *getCalleeDecl() const { const Decl *getCalleeDecl() const {
return getCallee()->getReferencedDeclOfCallee(); return getCallee()->getReferencedDeclOfCallee();
} }
/// If the callee is a FunctionDecl, return it. Otherwise return null. /// If the callee is a FunctionDecl, return it. Otherwise return null.
FunctionDecl *getDirectCallee() { FunctionDecl *getDirectCallee() {
return dyn_cast_or_null<FunctionDecl>(getCalleeDecl()); return dyn_cast_or_null<FunctionDecl>(getCalleeDecl());
▲ Show 20 LinesShow All 3,495 LinesShow Last 20 Lines

clang/include/clang/AST/Stmt.h

Show First 20 LinesShow All 462 Lines▼ Show 20 Lines class CallExprBitfields {
unsigned NumPreArgs : 1; unsigned NumPreArgs : 1;
/// True if the callee of the call expression was found using ADL. /// True if the callee of the call expression was found using ADL.
unsigned UsesADL : 1; unsigned UsesADL : 1;
/// True if the call expression has some floating-point features. /// True if the call expression has some floating-point features.
unsigned HasFPFeatures : 1; unsigned HasFPFeatures : 1;
/// True if a KCFI check should be omitted for the call expression
unsigned IsKCFIUnchecked : 1;
/// Padding used to align OffsetToTrailingObjects to a byte multiple. /// Padding used to align OffsetToTrailingObjects to a byte multiple.
unsigned : 24 - 3 - NumExprBits; unsigned : 24 - 4 - NumExprBits;
/// The offset in bytes from the this pointer to the start of the /// The offset in bytes from the this pointer to the start of the
/// trailing objects belonging to CallExpr. Intentionally byte sized /// trailing objects belonging to CallExpr. Intentionally byte sized
/// for faster access. /// for faster access.
unsigned OffsetToTrailingObjects : 8; unsigned OffsetToTrailingObjects : 8;
}; };
enum { NumCallExprBits = 32 }; enum { NumCallExprBits = 32 };
▲ Show 20 LinesShow All 3,240 LinesShow Last 20 Lines

clang/include/clang/Basic/Builtins.def

Show First 20 LinesShow All 1,598 Lines▼ Show 20 Lines
// Clang builtins (not available in GCC). // Clang builtins (not available in GCC).
BUILTIN(__builtin_addressof, "v*v&", "nct") BUILTIN(__builtin_addressof, "v*v&", "nct")
BUILTIN(__builtin_function_start, "v*v&", "nct") BUILTIN(__builtin_function_start, "v*v&", "nct")
BUILTIN(__builtin_operator_new, "v*z", "tc") BUILTIN(__builtin_operator_new, "v*z", "tc")
BUILTIN(__builtin_operator_delete, "vv*", "tn") BUILTIN(__builtin_operator_delete, "vv*", "tn")
BUILTIN(__builtin_char_memchr, "c*cC*iz", "n") BUILTIN(__builtin_char_memchr, "c*cC*iz", "n")
BUILTIN(__builtin_dump_struct, "ivC*v*", "tn") BUILTIN(__builtin_dump_struct, "ivC*v*", "tn")
BUILTIN(__builtin_preserve_access_index, "v.", "t") BUILTIN(__builtin_preserve_access_index, "v.", "t")
BUILTIN(__builtin_kcfi_call_unchecked, "v.", "nt")
// Alignment builtins (uses custom parsing to support pointers and integers) // Alignment builtins (uses custom parsing to support pointers and integers)
BUILTIN(__builtin_is_aligned, "bvC*z", "nct") BUILTIN(__builtin_is_aligned, "bvC*z", "nct")
BUILTIN(__builtin_align_up, "v*vC*z", "nct") BUILTIN(__builtin_align_up, "v*vC*z", "nct")
BUILTIN(__builtin_align_down, "v*vC*z", "nct") BUILTIN(__builtin_align_down, "v*vC*z", "nct")
// Safestack builtins // Safestack builtins
BUILTIN(__builtin___get_unsafe_stack_start, "v*", "Fn") BUILTIN(__builtin___get_unsafe_stack_start, "v*", "Fn")
▲ Show 20 LinesShow All 94 LinesShow Last 20 Lines

clang/include/clang/Basic/DiagnosticSemaKinds.td

  • This file is larger than 256 KB, so syntax highlighting is disabled by default.
Show First 20 LinesShow All 9,858 Lines▼ Show 20 Linesdef err_first_argument_to_cwsc_block_call : Error<
"first argument to __builtin_call_with_static_chain must not be a block call">; "first argument to __builtin_call_with_static_chain must not be a block call">;
def err_first_argument_to_cwsc_builtin_call : Error< def err_first_argument_to_cwsc_builtin_call : Error<
"first argument to __builtin_call_with_static_chain must not be a builtin call">; "first argument to __builtin_call_with_static_chain must not be a builtin call">;
def err_first_argument_to_cwsc_pdtor_call : Error< def err_first_argument_to_cwsc_pdtor_call : Error<
"first argument to __builtin_call_with_static_chain must not be a pseudo-destructor call">; "first argument to __builtin_call_with_static_chain must not be a pseudo-destructor call">;
def err_second_argument_to_cwsc_not_pointer : Error< def err_second_argument_to_cwsc_not_pointer : Error<
"second argument to __builtin_call_with_static_chain must be of pointer type">; "second argument to __builtin_call_with_static_chain must be of pointer type">;
def err_kcfi_unchecked_argument : Error<
"argument to __builtin_kcfi_call_unchecked must be an indirect call expression">;
def err_vector_incorrect_num_initializers : Error< def err_vector_incorrect_num_initializers : Error<
"%select{too many|too few}0 elements in vector initialization (expected %1 elements, have %2)">; "%select{too many|too few}0 elements in vector initialization (expected %1 elements, have %2)">;
def err_altivec_empty_initializer : Error<"expected initializer">; def err_altivec_empty_initializer : Error<"expected initializer">;
def err_invalid_neon_type_code : Error< def err_invalid_neon_type_code : Error<
"incompatible constant for this __builtin_neon function">; "incompatible constant for this __builtin_neon function">;
def err_argument_invalid_range : Error< def err_argument_invalid_range : Error<
"argument value %0 is outside the valid range [%1, %2]">; "argument value %0 is outside the valid range [%1, %2]">;
▲ Show 20 LinesShow All 1,747 LinesShow Last 20 Lines

clang/lib/CodeGen/CGBuiltin.cpp

  • This file is larger than 256 KB, so syntax highlighting is disabled by default.
Show First 20 LinesShow All 4,604 Lines▼ Show 20 Lines case Builtin::BI__noop:
return RValue::get(ConstantInt::get(IntTy, 0)); return RValue::get(ConstantInt::get(IntTy, 0));
case Builtin::BI__builtin_call_with_static_chain: { case Builtin::BI__builtin_call_with_static_chain: {
const CallExpr *Call = cast<CallExpr>(E->getArg(0)); const CallExpr *Call = cast<CallExpr>(E->getArg(0));
const Expr *Chain = E->getArg(1); const Expr *Chain = E->getArg(1);
return EmitCall(Call->getCallee()->getType(), return EmitCall(Call->getCallee()->getType(),
EmitCallee(Call->getCallee()), Call, ReturnValue, EmitCallee(Call->getCallee()), Call, ReturnValue,
EmitScalarExpr(Chain)); EmitScalarExpr(Chain));
} }
case Builtin::BI__builtin_kcfi_call_unchecked: {
const CallExpr *Call = cast<CallExpr>(E->getArg(0));
CGCallee Callee = EmitCallee(Call->getCallee());
return EmitCall(Call->getCallee()->getType(), Callee, Call, ReturnValue);
}
case Builtin::BI_InterlockedExchange8: case Builtin::BI_InterlockedExchange8:
case Builtin::BI_InterlockedExchange16: case Builtin::BI_InterlockedExchange16:
case Builtin::BI_InterlockedExchange: case Builtin::BI_InterlockedExchange:
case Builtin::BI_InterlockedExchangePointer: case Builtin::BI_InterlockedExchangePointer:
return RValue::get( return RValue::get(
EmitMSVCBuiltinExpr(MSVCIntrin::_InterlockedExchange, E)); EmitMSVCBuiltinExpr(MSVCIntrin::_InterlockedExchange, E));
case Builtin::BI_InterlockedCompareExchangePointer: case Builtin::BI_InterlockedCompareExchangePointer:
case Builtin::BI_InterlockedCompareExchangePointer_nf: { case Builtin::BI_InterlockedCompareExchangePointer_nf: {
▲ Show 20 LinesShow All 14,692 LinesShow Last 20 Lines

clang/lib/CodeGen/CGExpr.cpp

Show First 20 LinesShow All 5,391 Lines▼ Show 20 Lines if (CGM.getCodeGenOpts().SanitizeCfiCrossDso && CrossDsoTypeId) {
CastedCallee, StaticData); CastedCallee, StaticData);
} else { } else {
EmitCheck(std::make_pair(TypeTest, SanitizerKind::CFIICall), EmitCheck(std::make_pair(TypeTest, SanitizerKind::CFIICall),
SanitizerHandler::CFICheckFail, StaticData, SanitizerHandler::CFICheckFail, StaticData,
{CastedCallee, llvm::UndefValue::get(IntPtrTy)}); {CastedCallee, llvm::UndefValue::get(IntPtrTy)});
} }
} }
if (SanOpts.has(SanitizerKind::KCFI) && IsIndirectCall) if (SanOpts.has(SanitizerKind::KCFI) && IsIndirectCall &&
!E->isKCFIUnchecked())
EmitKCFICheck(Callee.getFunctionPointer(), EmitKCFICheck(Callee.getFunctionPointer(),
CGM.CreateKCFITypeId(QualType(FnType, 0))); CGM.CreateKCFITypeId(QualType(FnType, 0)));
CallArgList Args; CallArgList Args;
if (Chain) if (Chain)
Args.add(RValue::get(Builder.CreateBitCast(Chain, CGM.VoidPtrTy)), Args.add(RValue::get(Builder.CreateBitCast(Chain, CGM.VoidPtrTy)),
CGM.getContext().VoidPtrTy); CGM.getContext().VoidPtrTy);
▲ Show 20 LinesShow All 230 LinesShow Last 20 Lines

clang/lib/Sema/SemaChecking.cpp

  • This file is larger than 256 KB, so syntax highlighting is disabled by default.
Show First 20 LinesShow All 423 Lines▼ Show 20 Linesstatic bool SemaBuiltinCallWithStaticChain(Sema &S, CallExpr *BuiltinCall) {
BuiltinCall->setValueKind(CE->getValueKind()); BuiltinCall->setValueKind(CE->getValueKind());
BuiltinCall->setObjectKind(CE->getObjectKind()); BuiltinCall->setObjectKind(CE->getObjectKind());
BuiltinCall->setCallee(Builtin); BuiltinCall->setCallee(Builtin);
BuiltinCall->setArg(1, ChainResult.get()); BuiltinCall->setArg(1, ChainResult.get());
return false; return false;
} }
static bool SemaBuiltinKCFICallUnchecked(Sema &S, CallExpr *BuiltinCall) {
if (checkArgCount(S, BuiltinCall, 1))
return true;
auto *Call = dyn_cast<CallExpr>(BuiltinCall->getArg(0));
nickdesaulniersUnsubmitted
Done
ReplyInline Actions

auto *Call =
https://llvm.org/docs/CodingStandards.html#beware-unnecessary-copies-with-auto

nickdesaulniers: `auto *Call =` https://llvm.org/docs/CodingStandards.html#beware-unnecessary-copies-with-auto
nickdesaulniersUnsubmitted
Not Done
ReplyInline Actions

Also, can this simply be a dyn_cast rather than dyn_cast_or_null? Don't you already check the arg count above?

nickdesaulniers: Also, can this simply be a `dyn_cast` rather than `dyn_cast_or_null`? Don't you already check…
if (!Call || !Call->getCallee()
->IgnoreImpCasts()
->getType()
->isFunctionPointerType()) {
S.Diag(BuiltinCall->getBeginLoc(), diag::err_kcfi_unchecked_argument)
<< BuiltinCall->getSourceRange();
return true;
}
QualType ReturnTy = Call->getCallReturnType(S.Context);
QualType BuiltinTy = S.Context.getFunctionType(
ReturnTy, {ReturnTy}, FunctionProtoType::ExtProtoInfo());
Expr *Builtin = S.ImpCastExprToType(
nickdesaulniersUnsubmitted
Done
ReplyInline Actions

auto *Builtin =

though I would perhaps not use auto here.

nickdesaulniers: `auto *Builtin =` though I would perhaps not use `auto` here.
BuiltinCall->getCallee()->IgnoreImpCasts(),
S.Context.getPointerType(BuiltinTy), CK_BuiltinFnToFnPtr)
.get();
BuiltinCall->setType(Call->getType());
BuiltinCall->setValueKind(Call->getValueKind());
BuiltinCall->setObjectKind(Call->getObjectKind());
BuiltinCall->setCallee(Builtin);
Call->setKCFIUnchecked();
return false;
}
namespace { namespace {
class ScanfDiagnosticFormatHandler class ScanfDiagnosticFormatHandler
: public analyze_format_string::FormatStringHandler { : public analyze_format_string::FormatStringHandler {
// Accepts the argument index (relative to the first destination index) of the // Accepts the argument index (relative to the first destination index) of the
// argument whose size we want. // argument whose size we want.
using ComputeSizeFunction = using ComputeSizeFunction =
llvm::function_ref<Optional<llvm::APSInt>(unsigned)>; llvm::function_ref<Optional<llvm::APSInt>(unsigned)>;
▲ Show 20 LinesShow All 1,661 Lines▼ Show 20 Lines#include "clang/Basic/Builtins.def"
case Builtin::BI__builtin_preserve_access_index: case Builtin::BI__builtin_preserve_access_index:
if (SemaBuiltinPreserveAI(*this, TheCall)) if (SemaBuiltinPreserveAI(*this, TheCall))
return ExprError(); return ExprError();
break; break;
case Builtin::BI__builtin_call_with_static_chain: case Builtin::BI__builtin_call_with_static_chain:
if (SemaBuiltinCallWithStaticChain(*this, TheCall)) if (SemaBuiltinCallWithStaticChain(*this, TheCall))
return ExprError(); return ExprError();
break; break;
case Builtin::BI__builtin_kcfi_call_unchecked:
if (SemaBuiltinKCFICallUnchecked(*this, TheCall))
return ExprError();
break;
case Builtin::BI__exception_code: case Builtin::BI__exception_code:
case Builtin::BI_exception_code: case Builtin::BI_exception_code:
if (SemaBuiltinSEHScopeCheck(*this, TheCall, Scope::SEHExceptScope, if (SemaBuiltinSEHScopeCheck(*this, TheCall, Scope::SEHExceptScope,
diag::err_seh___except_block)) diag::err_seh___except_block))
return ExprError(); return ExprError();
break; break;
case Builtin::BI__exception_info: case Builtin::BI__exception_info:
case Builtin::BI_exception_info: case Builtin::BI_exception_info:
▲ Show 20 LinesShow All 15,358 LinesShow Last 20 Lines

clang/test/CodeGen/builtin-kcfi-call-unchecked.cpp

  • This file was added.
// RUN: %clang_cc1 -triple x86_64-unknown-linux-gnu -emit-llvm -fsanitize=kcfi -o - %s | FileCheck %s
#if !__has_builtin(__builtin_kcfi_call_unchecked)
#error "missing __builtin_kcfi_call_unchecked"
#endif
// CHECK: define{{.*}} i32 @_Z1av(){{.*}} prefix i32 [[#%d,HASH1:]]
int a(void) { return 0; }
class A {
public:
static void a();
};
// CHECK: define{{.*}} void @_ZN1A1aEv(){{.*}} prefix i32 [[#%d,HASH2:]]
void A::a() {}
void h(void) {
// CHECK: store ptr @_Z1av, ptr %
// CHECK: %[[#P1:]] = load ptr, ptr %
// CHECK: call void @llvm.kcfi.check(ptr %[[#P1]], i32 [[#HASH1]])
// CHECK: call{{.*}} i32 %[[#P1]]()
({ a; })();
// CHECK: store ptr @_Z1av, ptr %
// CHECK: %[[#P2:]] = load ptr, ptr %
// CHECK-NOT: call void @llvm.kcfi.check
// CHECK: call{{.*}} i32 %[[#P2]]()
__builtin_kcfi_call_unchecked(({ a; })());
// CHECK: store ptr @_ZN1A1aEv, ptr %
// CHECK: %[[#P3:]] = load ptr, ptr %
// CHECK: call void @llvm.kcfi.check(ptr %[[#P3]], i32 [[#HASH2]])
// CHECK: call void %[[#P3]]()
({ &A::a; })();
// CHECK: store ptr @_ZN1A1aEv, ptr %
// CHECK: %[[#P4:]] = load ptr, ptr %
// CHECK-NOT: call void @llvm.kcfi.check
// CHECK: call void %[[#P4]]()
__builtin_kcfi_call_unchecked(({ &A::a; })());
}

clang/test/SemaCXX/builtins.cpp

Show All 37 Linesnamespace addressof {
static_assert(&pt->n == &t.n, ""); static_assert(&pt->n == &t.n, "");
struct U { int n : 5; } u; struct U { int n : 5; } u;
int *pbf = __builtin_addressof(u.n); // expected-error {{address of bit-field requested}} int *pbf = __builtin_addressof(u.n); // expected-error {{address of bit-field requested}}
S *ptmp = __builtin_addressof(S{}); // expected-error {{taking the address of a temporary}} S *ptmp = __builtin_addressof(S{}); // expected-error {{taking the address of a temporary}}
} }
namespace kcfi_call_unchecked {
int a(void) { return 0; }
struct S {
int f(void) { return 1; }
static int g(void) { return 2; }
} s;
static int n;
int &b(int (*p)(void)) {
n += p();
return n;
}
int (*p1)(void) = a;
int (*p2)(void) = &S::g;
int &(*p3)(int (*)(void)) = b;
void test() {
__builtin_kcfi_call_unchecked(p1());
__builtin_kcfi_call_unchecked(p2());
__builtin_kcfi_call_unchecked(p3(p1));
__builtin_kcfi_call_unchecked(p1); // expected-error {{argument to __builtin_kcfi_call_unchecked must be an indirect call expression}}
__builtin_kcfi_call_unchecked(p1, p2); // expected-error {{too many arguments to function call, expected 1, have 2}}
__builtin_kcfi_call_unchecked(a()); // expected-error {{argument to __builtin_kcfi_call_unchecked must be an indirect call expression}}
__builtin_kcfi_call_unchecked(s.f()); // expected-error {{argument to __builtin_kcfi_call_unchecked must be an indirect call expression}}
__builtin_kcfi_call_unchecked(S::g()); // expected-error {{argument to __builtin_kcfi_call_unchecked must be an indirect call expression}}
static_assert(__is_same(decltype(__builtin_kcfi_call_unchecked(p1())), int), "");
static_assert(__is_same(decltype(__builtin_kcfi_call_unchecked(p3(p1))), int &), "");
}
} // namespace kcfi_call_unchecked
namespace function_start { namespace function_start {
void a(void) {} void a(void) {}
int n; int n;
void *p = __builtin_function_start(n); // expected-error {{argument must be a function}} void *p = __builtin_function_start(n); // expected-error {{argument must be a function}}
static_assert(__builtin_function_start(a) == a, ""); // expected-error {{static_assert expression is not an integral constant expression}} static_assert(__builtin_function_start(a) == a, ""); // expected-error {{static_assert expression is not an integral constant expression}}
} // namespace function_start } // namespace function_start
void no_ms_builtins() { void no_ms_builtins() {
▲ Show 20 LinesShow All 113 LinesShow Last 20 Lines