This is an archive of the discontinued LLVM Phabricator instance.

Differential D139395

Add CFI integer types normalization
ClosedPublic

Authored by rcvalle on Dec 5 2022, 11:51 PM.

Details

Reviewers
pcc
samitolvanen
Commits
rG71c7313f42d2: Add CFI integer types normalization
rGb1e9ab7438a0: Add CFI integer types normalization
Summary

This commit adds a new option (i.e.,
-fsanitize-cfi-icall-normalize-integers) for normalizing integer types
as vendor extended types for cross-language LLVM CFI/KCFI support with
other languages that can't represent and encode C/C++ integer types.

Specifically, integer types are encoded as their defined representations
(e.g., 8-bit signed integer, 16-bit signed integer, 32-bit signed
integer, ...) for compatibility with languages that define
explicitly-sized integer types (e.g., i8, i16, i32, ..., in Rust).

`-fsanitize-cfi-icall-normalize-integers` is compatible with
`-fsanitize-cfi-icall-generalize-pointers`.

This helps with providing cross-language CFI support with the Rust
compiler and is an alternative solution for the issue described and
alternatives proposed in the RFC
https://github.com/rust-lang/rfcs/pull/3296.

For more information about LLVM CFI/KCFI and cross-language LLVM
CFI/KCFI support for the Rust compiler, see the design document in the
tracking issue https://github.com/rust-lang/rust/issues/89653.

Diff Detail

Event Timeline

rcvalle created this revision.Dec 5 2022, 11:51 PM
Herald added a project: Restricted Project. · View Herald TranscriptDec 5 2022, 11:51 PM
Herald added a subscriber: JDevlieghere. · View Herald Transcript
rcvalle requested review of this revision.Dec 5 2022, 11:51 PM
Herald added a project: Restricted Project. · View Herald TranscriptDec 5 2022, 11:51 PM
Herald added subscribers: cfe-commits, MaskRay. · View Herald Transcript
rcvalle updated this revision to Diff 480349.Dec 5 2022, 11:57 PM
rcvalle retitled this revision from Add support for integer types notmalization to Add support for integer types normalization.

Fixed typo in commit message

ojeda added a subscriber: ojeda.Dec 6 2022, 4:19 AM
Harbormaster completed remote builds in B201296: Diff 480349.Dec 6 2022, 4:20 AM
ojeda added subscribers: nathanchance, nickdesaulniers.Dec 6 2022, 4:30 AM

Cc @nickdesaulniers @nathanchance

pnkfelix added a subscriber: pnkfelix.Dec 6 2022, 7:08 AM
samitolvanen added subscribers: samitolvanen, pcc.Dec 6 2022, 8:16 AM
rcvalle added a comment.Dec 6 2022, 9:05 AM

FYI, I'll still add (hopefully today) documentation for the new -fsanitize-cfi-icall-normalize-integers option and compression for these types.

rcvalle updated this revision to Diff 480700.Dec 6 2022, 4:58 PM
rcvalle retitled this revision from Add support for integer types normalization to Add CFI integer types normalization.
rcvalle edited the summary of this revision. (Show Details)

Added documentation

rcvalle updated this revision to Diff 480773.Dec 6 2022, 10:21 PM

Added compression

rcvalle updated this revision to Diff 480775.Dec 6 2022, 10:39 PM

Fixed comments

comex added a subscriber: comex.Dec 7 2022, 12:22 AM
Harbormaster completed remote builds in B201613: Diff 480775.Dec 7 2022, 9:24 AM
rcvalle updated this revision to Diff 481016.Dec 7 2022, 12:38 PM

Updated tests

Harbormaster completed remote builds in B201778: Diff 481016.Dec 7 2022, 9:56 PM
rcvalle updated this revision to Diff 482327.Dec 12 2022, 5:56 PM

Added ".normalized" suffix

nickdesaulniers added subscribers: hjl.tools, rjmccall.Dec 12 2022, 6:06 PM

Thanks for the patch and the work on cross language CFI support!

I wonder if we have precedent for other non-standard extensions to ItaniumMangleContextImpl? I wonder if we should perhaps have a distinct subclass to denote that this is not the standard mangling scheme. It would be nice perhaps to get this standardized in https://itanium-cxx-abi.github.io/cxx-abi/abi.html#mangling.
https://github.com/itanium-cxx-abi/cxx-abi

cc @rjmccall @hjl.tools

pcc added a reviewer: pcc.Dec 12 2022, 6:56 PM

A high level question is whether we want to base the cross-language encoding on Itanium at all. Itanium has concepts such as substitutions that will complicate the implementation in other languages. Encoding pointee types can also lead to complications in cross-language encodings.

It may be better to consider developing a custom encoding. For the encoding being prototyped for the pointer authentication ABI on Android, the Rust side of the implementation is very simple:

https://github.com/pcc/rust/blob/d37ad119171635219ff21e054780d31024d24200/compiler/rustc_ty_utils/src/abi.rs#L396

clang/lib/AST/ItaniumMangle.cpp
2953

isInteger() will return true for enums, but only if they are complete. This would mean that code such as

void (*f)(enum E *e);

void g() {
  f(0);
}

would use a different encoding to call f depending on whether the TU completes the enum E, if pointee types are considered part of the encoding.

rcvalle added a comment.Dec 12 2022, 7:05 PM

I elaborated on the reasons why not use a generalized encoding in the design document in the tracking issue https://github.com/rust-lang/rust/issues/89653. The tl;dr; is that it will result in less comprehensive protection by either using a generalized encoding for all C and C++ -compiled code or across the FFI boundary, and will degrade the security of the program when linking foreign Rust-compiled code into a program written in C or C++ because the program previously used a more comprehensive encoding for all its compiled code, not fixing the issue described in the design document and the RFC https://github.com/rcvalle/rfcs/blob/improve-c-types-for-cross-language-cfi/text/0000-improve-c-types-for-cross-language-cfi.md#appendix.

rcvalle added inline comments.Dec 12 2022, 7:26 PM
clang/lib/AST/ItaniumMangle.cpp
2953

Isn't isIntegerType() that does that? isInteger() definition is:

bool isInteger() const {
  return getKind() >= Bool && getKind() <= Int128;
}
Harbormaster completed remote builds in B202732: Diff 482327.Dec 12 2022, 7:38 PM
pcc added a comment.Dec 12 2022, 7:52 PM
In D139395#3990772, @rcvalle wrote:

I elaborated on the reasons why not use a generalized encoding in the design document in the tracking issue https://github.com/rust-lang/rust/issues/89653. The tl;dr; is that it will result in less comprehensive protection by either using a generalized encoding for all C and C++ -compiled code or across the FFI boundary, and will degrade the security of the program when linking foreign Rust-compiled code into a program written in C or C++ because the program previously used a more comprehensive encoding for all its compiled code, not fixing the issue described in the design document and the RFC https://github.com/rcvalle/rfcs/blob/improve-c-types-for-cross-language-cfi/text/0000-improve-c-types-for-cross-language-cfi.md#appendix.

Ack.

clang/lib/AST/ItaniumMangle.cpp
2953

Ah yes, sorry, somehow I read this as a call to isIntegerType().

rcvalle updated this revision to Diff 482699.Dec 13 2022, 8:41 PM

Updated tests

rcvalle updated this revision to Diff 482708.Dec 13 2022, 9:13 PM

Added KCFI support

Harbormaster completed remote builds in B203011: Diff 482708.Dec 13 2022, 9:58 PM
samitolvanen added a comment.Jan 19 2023, 12:58 PM

Thanks for the patch, Ramon. This looks like a reasonable approach to me, and just for reference, here appears to be the corresponding rustc change:

https://github.com/rust-lang/rust/pull/105452/commits/9087c336103d0fa0b465acf8dbc1e4651250fb05

@pcc did you have any other concerns about adding this option?

pcc added a comment.Jan 19 2023, 5:00 PM
In D139395#4066948, @samitolvanen wrote:

Thanks for the patch, Ramon. This looks like a reasonable approach to me, and just for reference, here appears to be the corresponding rustc change:

https://github.com/rust-lang/rust/pull/105452/commits/9087c336103d0fa0b465acf8dbc1e4651250fb05

@pcc did you have any other concerns about adding this option?

I discussed this out of band with Ramon and we agreed that the new option should be marked as experimental because the rustc implementation is not yet finalized. I think that the criteria for removing the experimental marking should be that there is a full implementation of integer normalization for Rust (or some other language) that has been tested against a large codebase that uses FFI. Aside from that I have no further concerns.

rcvalle updated this revision to Diff 490976.Jan 20 2023, 2:28 PM

Mark as experimental

samitolvanen added a comment.Jan 20 2023, 4:37 PM
In D139395#4067391, @pcc wrote:

I discussed this out of band with Ramon and we agreed that the new option should be marked as experimental because the rustc implementation is not yet finalized. I think that the criteria for removing the experimental marking should be that there is a full implementation of integer normalization for Rust (or some other language) that has been tested against a large codebase that uses FFI.

Sure, that makes sense.

clang/docs/ControlFlowIntegrity.rst
241

An extra dash in the title.

Harbormaster completed remote builds in B209073: Diff 490976.Jan 20 2023, 4:47 PM
rcvalle updated this revision to Diff 491013.Jan 20 2023, 6:10 PM

Fixed typo

rcvalle marked an inline comment as done.Jan 20 2023, 6:11 PM
rcvalle added inline comments.
clang/docs/ControlFlowIntegrity.rst
241

Fixed. Thank you!

Harbormaster completed remote builds in B209103: Diff 491013.Jan 20 2023, 7:37 PM
samitolvanen accepted this revision.Jan 25 2023, 1:29 PM
samitolvanen added a reviewer: samitolvanen.

Thanks, LGTM. @pcc, does this version look fine to you?

This revision is now accepted and ready to land.Jan 25 2023, 1:29 PM
pcc accepted this revision.Jan 31 2023, 10:22 AM

LGTM with nits

clang/lib/CodeGen/CodeGenModule.cpp
1731

Is the !! necessary here?

6953

Likewise

clang/test/CodeGen/cfi-icall-normalize.c
56–76

Shouldn't these all be checking for specific types? Since you're specifying a triple, the width and signedness of the integer types are fixed.

clang/test/CodeGen/cfi-icall-normalize2.c
10

Likewise; also below

rcvalle updated this revision to Diff 493732.Jan 31 2023, 2:21 PM
rcvalle marked an inline comment as done.

Changed as per review

rcvalle marked 4 inline comments as done.Jan 31 2023, 2:23 PM
rcvalle added inline comments.
clang/lib/CodeGen/CodeGenModule.cpp
1731

Fixed. Thank you!

6953

Fixed. Thank you!

clang/test/CodeGen/cfi-icall-normalize.c
56–76

Fixed. Thank you!

clang/test/CodeGen/cfi-icall-normalize2.c
10

Fixed. Thank you!

pcc accepted this revision.Jan 31 2023, 2:30 PM

LGTM

Harbormaster completed remote builds in B211072: Diff 493732.Jan 31 2023, 4:35 PM
Closed by commit rGb1e9ab7438a0: Add CFI integer types normalization (authored by rcvalle, committed by samitolvanen). · Explain WhyFeb 1 2023, 9:48 AM
This revision was automatically updated to reflect the committed changes.
samitolvanen added a commit: rGb1e9ab7438a0: Add CFI integer types normalization.
hctim added a subscriber: hctim.Feb 2 2023, 3:46 PM

Hey folks, looks like this caused a failure on the msan buildbot: https://lab.llvm.org/buildbot/#/builders/237/builds/785

It's been had a long-running bug that I'm still tracking down but seems like this is a new failure caused by this patch. The track-origins log is copied below for your convenience.

The bot can be reproduced by following the instructions at https://github.com/google/sanitizers/wiki/SanitizerBotReproduceBuild, you'd want to substitute buildbot_fast.sh for buildbot_bootstrap_msan.sh though. Given the bot is already red when this was committed, please ignore any failures other than this one.

==3442210==WARNING: MemorySanitizer: use-of-uninitialized-value
    #0 0xaaaaf388495c in (anonymous namespace)::CXXNameMangler::mangleUnqualifiedName(clang::GlobalDecl, clang::DeclarationName, clang::DeclContext const*, unsigned int, llvm::SmallVector<llvm::StringRef, 4u> const*) /b/sanitizer-aarch64-linux-bootstrap-msan/build/llvm-project/clang/lib/AST/ItaniumMangle.cpp:1631:9
    #1 0xaaaaf389ab8c in mangleUnqualifiedName /b/sanitizer-aarch64-linux-bootstrap-msan/build/llvm-project/clang/lib/AST/ItaniumMangle.cpp:501:5
    #2 0xaaaaf389ab8c in (anonymous namespace)::CXXNameMangler::mangleNestedName(clang::GlobalDecl, clang::DeclContext const*, llvm::SmallVector<llvm::StringRef, 4u> const*, bool) /b/sanitizer-aarch64-linux-bootstrap-msan/build/llvm-project/clang/lib/AST/ItaniumMangle.cpp:1735:5
    #3 0xaaaaf3847b20 in (anonymous namespace)::CXXNameMangler::mangleFunctionEncoding(clang::GlobalDecl) /b/sanitizer-aarch64-linux-bootstrap-msan/build/llvm-project/clang/lib/AST/ItaniumMangle.cpp:811:5
    #4 0xaaaaf38985fc in (anonymous namespace)::CXXNameMangler::mangleLocalName(clang::GlobalDecl, llvm::SmallVector<llvm::StringRef, 4u> const*) /b/sanitizer-aarch64-linux-bootstrap-msan/build/llvm-project/clang/lib/AST/ItaniumMangle.cpp:1806:7
    #5 0xaaaaf3897d00 in (anonymous namespace)::CXXNameMangler::mangleType(clang::TagType const*) /b/sanitizer-aarch64-linux-bootstrap-msan/build/llvm-project/clang/lib/AST/ItaniumMangle.cpp:3468:3
    #6 0xaaaaf384e184 in (anonymous namespace)::CXXNameMangler::mangleType(clang::QualType) /b/sanitizer-aarch64-linux-bootstrap-msan/build/llvm-project/clang/lib/AST/ItaniumMangle.cpp
    #7 0xaaaaf384106c in (anonymous namespace)::ItaniumMangleContextImpl::mangleCXXRTTIName(clang::QualType, llvm::raw_ostream&, bool) /b/sanitizer-aarch64-linux-bootstrap-msan/build/llvm-project/clang/lib/AST/ItaniumMangle.cpp:6626:11
    #8 0xaaaaeb77c768 in clang::CodeGen::CodeGenTBAA::getBaseTypeInfoHelper(clang::Type const*) /b/sanitizer-aarch64-linux-bootstrap-msan/build/llvm-project/clang/lib/CodeGen/CodeGenTBAA.cpp:394:16
    #9 0xaaaaeb777978 in getBaseTypeInfo /b/sanitizer-aarch64-linux-bootstrap-msan/build/llvm-project/clang/lib/CodeGen/CodeGenTBAA.cpp:427:28
    #10 0xaaaaeb777978 in clang::CodeGen::CodeGenTBAA::getTypeInfo(clang::QualType) /b/sanitizer-aarch64-linux-bootstrap-msan/build/llvm-project/clang/lib/CodeGen/CodeGenTBAA.cpp:242:12
    #11 0xaaaaeb779184 in clang::CodeGen::CodeGenTBAA::getAccessInfo(clang::QualType) /b/sanitizer-aarch64-linux-bootstrap-msan/build/llvm-project/clang/lib/CodeGen/CodeGenTBAA.cpp:265:25
    #12 0xaaaaeb0c2cfc in MakeAddrLValue /b/sanitizer-aarch64-linux-bootstrap-msan/build/llvm-project/clang/lib/CodeGen/CodeGenFunction.h:2494:33
    #13 0xaaaaeb0c2cfc in (anonymous namespace)::AggExprEmitter::VisitLambdaExpr(clang::LambdaExpr*) /b/sanitizer-aarch64-linux-bootstrap-msan/build/llvm-project/clang/lib/CodeGen/CGExprAgg.cpp:1350:23
    #14 0xaaaaeb0ab220 in Visit /b/sanitizer-aarch64-linux-bootstrap-msan/build/llvm-project/clang/lib/CodeGen/CGExprAgg.cpp:108:34
    #15 0xaaaaeb0ab220 in clang::CodeGen::CodeGenFunction::EmitAggExpr(clang::Expr const*, clang::CodeGen::AggValueSlot) /b/sanitizer-aarch64-linux-bootstrap-msan/build/llvm-project/clang/lib/CodeGen/CGExprAgg.cpp:2038:49
    #16 0xaaaaea90e15c in clang::CodeGen::CodeGenFunction::EmitAnyExpr(clang::Expr const*, clang::CodeGen::AggValueSlot, bool) /b/sanitizer-aarch64-linux-bootstrap-msan/build/llvm-project/clang/lib/CodeGen/CGExpr.cpp:224:5
    #17 0xaaaaea910c80 in clang::CodeGen::CodeGenFunction::EmitAnyExprToTemp(clang::Expr const*) /b/sanitizer-aarch64-linux-bootstrap-msan/build/llvm-project/clang/lib/CodeGen/CGExpr.cpp:237:10
    #18 0xaaaaeac28f4c in clang::CodeGen::CodeGenFunction::EmitCallArg(clang::CodeGen::CallArgList&, clang::Expr const*, clang::QualType) /b/sanitizer-aarch64-linux-bootstrap-msan/build/llvm-project/clang/lib/CodeGen/CGCall.cpp:4461:12
    #19 0xaaaaeac25c34 in clang::CodeGen::CodeGenFunction::EmitCallArgs(clang::CodeGen::CallArgList&, clang::CodeGen::CodeGenFunction::PrototypeWrapper, llvm::iterator_range<clang::Stmt::CastIterator<clang::Expr, clang::Expr const* const, clang::Stmt const* const>>, clang::CodeGen::CodeGenFunction::AbstractCallee, unsigned int, clang::CodeGen::CodeGenFunction::EvaluationOrder) /b/sanitizer-aarch64-linux-bootstrap-msan/build/llvm-project/clang/lib/CodeGen/CGCall.cpp:4308:5
    #20 0xaaaaea9733d0 in clang::CodeGen::CodeGenFunction::EmitCall(clang::QualType, clang::CodeGen::CGCallee const&, clang::CallExpr const*, clang::CodeGen::ReturnValueSlot, llvm::Value*) /b/sanitizer-aarch64-linux-bootstrap-msan/build/llvm-project/clang/lib/CodeGen/CGExpr.cpp:5435:3
    #21 0xaaaaea970394 in clang::CodeGen::CodeGenFunction::EmitCallExpr(clang::CallExpr const*, clang::CodeGen::ReturnValueSlot) /b/sanitizer-aarch64-linux-bootstrap-msan/build/llvm-project/clang/lib/CodeGen/CGExpr.cpp:4999:10
    #22 0xaaaaeacbeb28 in (anonymous namespace)::ScalarExprEmitter::VisitCallExpr(clang::CallExpr const*) /b/sanitizer-aarch64-linux-bootstrap-msan/build/llvm-project/clang/lib/CodeGen/CGExprScalar.cpp:580:20
    #23 0xaaaaeac88628 in Visit /b/sanitizer-aarch64-linux-bootstrap-msan/build/llvm-project/clang/lib/CodeGen/CGExprScalar.cpp:407:52
    #24 0xaaaaeac88628 in clang::CodeGen::CodeGenFunction::EmitScalarExpr(clang::Expr const*, bool) /b/sanitizer-aarch64-linux-bootstrap-msan/build/llvm-project/clang/lib/CodeGen/CGExprScalar.cpp:5044:8
    #25 0xaaaaea90d7ac in clang::CodeGen::CodeGenFunction::EvaluateExprAsBool(clang::Expr const*) /b/sanitizer-aarch64-linux-bootstrap-msan/build/llvm-project/clang/lib/CodeGen/CGExpr.cpp:183:33
    #26 0xaaaaea9a2dc0 in clang::CodeGen::CodeGenFunction::EmitBranchOnBoolExpr(clang::Expr const*, llvm::BasicBlock*, llvm::BasicBlock*, unsigned long, clang::Stmt::Likelihood) /b/sanitizer-aarch64-linux-bootstrap-msan/build/llvm-project/clang/lib/CodeGen/CodeGenFunction.cpp:1883:13
    #27 0xaaaaea9d3f04 in clang::CodeGen::CodeGenFunction::EmitIfStmt(clang::IfStmt const&) /b/sanitizer-aarch64-linux-bootstrap-msan/build/llvm-project/clang/lib/CodeGen/CGStmt.cpp:833:3
    #28 0xaaaaea9d2888 in EmitCompoundStmtWithoutScope /b/sanitizer-aarch64-linux-bootstrap-msan/build/llvm-project/clang/lib/CodeGen/CGStmt.cpp:535:7
    #29 0xaaaaea9d2888 in EmitCompoundStmt /b/sanitizer-aarch64-linux-bootstrap-msan/build/llvm-project/clang/lib/CodeGen/CGStmt.cpp:486:10
    #30 0xaaaaea9d2888 in clang::CodeGen::CodeGenFunction::EmitSimpleStmt(clang::Stmt const*, llvm::ArrayRef<clang::Attr const*>) /b/sanitizer-aarch64-linux-bootstrap-msan/build/llvm-project/clang/lib/CodeGen/CGStmt.cpp:442:5
    #31 0xaaaaea9d0c74 in clang::CodeGen::CodeGenFunction::EmitStmt(clang::Stmt const*, llvm::ArrayRef<clang::Attr const*>) /b/sanitizer-aarch64-linux-bootstrap-msan/build/llvm-project/clang/lib/CodeGen/CGStmt.cpp:59:7
    #32 0xaaaaeac5614c in clang::CodeGen::CodeGenFunction::EmitConstructorBody(clang::CodeGen::FunctionArgList&) /b/sanitizer-aarch64-linux-bootstrap-msan/build/llvm-project/clang/lib/CodeGen/CGClass.cpp
    #33 0xaaaaea99f2c8 in clang::CodeGen::CodeGenFunction::GenerateCode(clang::GlobalDecl, llvm::Function*, clang::CodeGen::CGFunctionInfo const&) /b/sanitizer-aarch64-linux-bootstrap-msan/build/llvm-project/clang/lib/CodeGen/CodeGenFunction.cpp:1439:5
    #34 0xaaaaeb174904 in clang::CodeGen::CodeGenModule::codegenCXXStructor(clang::GlobalDecl) /b/sanitizer-aarch64-linux-bootstrap-msan/build/llvm-project/clang/lib/CodeGen/CGCXX.cpp:215:26
    #35 0xaaaaea8a2024 in (anonymous namespace)::ItaniumCXXABI::emitCXXStructor(clang::GlobalDecl) /b/sanitizer-aarch64-linux-bootstrap-msan/build/llvm-project/clang/lib/CodeGen/ItaniumCXXABI.cpp:4375:28
    #36 0xaaaaea7893f8 in clang::CodeGen::CodeGenModule::EmitGlobalDefinition(clang::GlobalDecl, llvm::GlobalValue*) /b/sanitizer-aarch64-linux-bootstrap-msan/build/llvm-project/clang/lib/CodeGen/CodeGenModule.cpp:3638:14
    #37 0xaaaaea759064 in clang::CodeGen::CodeGenModule::EmitDeferred() /b/sanitizer-aarch64-linux-bootstrap-msan/build/llvm-project/clang/lib/CodeGen/CodeGenModule.cpp:2808:5
    #38 0xaaaaea7590dc in clang::CodeGen::CodeGenModule::EmitDeferred() /b/sanitizer-aarch64-linux-bootstrap-msan/build/llvm-project/clang/lib/CodeGen/CodeGenModule.cpp:2814:7
    #39 0xaaaaea7590dc in clang::CodeGen::CodeGenModule::EmitDeferred() /b/sanitizer-aarch64-linux-bootstrap-msan/build/llvm-project/clang/lib/CodeGen/CodeGenModule.cpp:2814:7
    #40 0xaaaaea7590dc in clang::CodeGen::CodeGenModule::EmitDeferred() /b/sanitizer-aarch64-linux-bootstrap-msan/build/llvm-project/clang/lib/CodeGen/CodeGenModule.cpp:2814:7
    #41 0xaaaaea7590dc in clang::CodeGen::CodeGenModule::EmitDeferred() /b/sanitizer-aarch64-linux-bootstrap-msan/build/llvm-project/clang/lib/CodeGen/CodeGenModule.cpp:2814:7
    #42 0xaaaaea7590dc in clang::CodeGen::CodeGenModule::EmitDeferred() /b/sanitizer-aarch64-linux-bootstrap-msan/build/llvm-project/clang/lib/CodeGen/CodeGenModule.cpp:2814:7
    #43 0xaaaaea7590dc in clang::CodeGen::CodeGenModule::EmitDeferred() /b/sanitizer-aarch64-linux-bootstrap-msan/build/llvm-project/clang/lib/CodeGen/CodeGenModule.cpp:2814:7
    #44 0xaaaaea7590dc in clang::CodeGen::CodeGenModule::EmitDeferred() /b/sanitizer-aarch64-linux-bootstrap-msan/build/llvm-project/clang/lib/CodeGen/CodeGenModule.cpp:2814:7
    #45 0xaaaaea7590dc in clang::CodeGen::CodeGenModule::EmitDeferred() /b/sanitizer-aarch64-linux-bootstrap-msan/build/llvm-project/clang/lib/CodeGen/CodeGenModule.cpp:2814:7
    #46 0xaaaaea7590dc in clang::CodeGen::CodeGenModule::EmitDeferred() /b/sanitizer-aarch64-linux-bootstrap-msan/build/llvm-project/clang/lib/CodeGen/CodeGenModule.cpp:2814:7
    #47 0xaaaaea751844 in clang::CodeGen::CodeGenModule::Release() /b/sanitizer-aarch64-linux-bootstrap-msan/build/llvm-project/clang/lib/CodeGen/CodeGenModule.cpp:515:3
    #48 0xaaaaec54f928 in (anonymous namespace)::CodeGeneratorImpl::HandleTranslationUnit(clang::ASTContext&) /b/sanitizer-aarch64-linux-bootstrap-msan/build/llvm-project/clang/lib/CodeGen/ModuleBuilder.cpp:287:18
    #49 0xaaaaec545b40 in clang::BackendConsumer::HandleTranslationUnit(clang::ASTContext&) /b/sanitizer-aarch64-linux-bootstrap-msan/build/llvm-project/clang/lib/CodeGen/CodeGenAction.cpp:308:14
    #50 0xaaaaf0528bb4 in clang::ParseAST(clang::Sema&, bool, bool) /b/sanitizer-aarch64-linux-bootstrap-msan/build/llvm-project/clang/lib/Parse/ParseAST.cpp:196:13
    #51 0xaaaaec265424 in clang::FrontendAction::Execute() /b/sanitizer-aarch64-linux-bootstrap-msan/build/llvm-project/clang/lib/Frontend/FrontendAction.cpp:1058:8
    #52 0xaaaaec0b940c in clang::CompilerInstance::ExecuteAction(clang::FrontendAction&) /b/sanitizer-aarch64-linux-bootstrap-msan/build/llvm-project/clang/lib/Frontend/CompilerInstance.cpp:1046:33
    #53 0xaaaaec52f63c in clang::ExecuteCompilerInvocation(clang::CompilerInstance*) /b/sanitizer-aarch64-linux-bootstrap-msan/build/llvm-project/clang/lib/FrontendTool/ExecuteCompilerInvocation.cpp:264:25
    #54 0xaaaae2356ecc in cc1_main(llvm::ArrayRef<char const*>, char const*, void*) /b/sanitizer-aarch64-linux-bootstrap-msan/build/llvm-project/clang/tools/driver/cc1_main.cpp:251:15
    #55 0xaaaae23486dc in ExecuteCC1Tool(llvm::SmallVectorImpl<char const*>&) /b/sanitizer-aarch64-linux-bootstrap-msan/build/llvm-project/clang/tools/driver/driver.cpp:360:12
    #56 0xaaaaebcb7740 in operator() /b/sanitizer-aarch64-linux-bootstrap-msan/build/llvm-project/clang/lib/Driver/Job.cpp:428:34
    #57 0xaaaaebcb7740 in void llvm::function_ref<void ()>::callback_fn<clang::driver::CC1Command::Execute(llvm::ArrayRef<std::__1::optional<llvm::StringRef>>, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>>*, bool*) const::$_0>(long) /b/sanitizer-aarch64-linux-bootstrap-msan/build/llvm-project/llvm/include/llvm/ADT/STLFunctionalExtras.h:45:12
    #58 0xaaaae9ad4730 in operator() /b/sanitizer-aarch64-linux-bootstrap-msan/build/llvm-project/llvm/include/llvm/ADT/STLFunctionalExtras.h:68:12
    #59 0xaaaae9ad4730 in llvm::CrashRecoveryContext::RunSafely(llvm::function_ref<void ()>) /b/sanitizer-aarch64-linux-bootstrap-msan/build/llvm-project/llvm/lib/Support/CrashRecoveryContext.cpp:426:3
    #60 0xaaaaebcb51ac in clang::driver::CC1Command::Execute(llvm::ArrayRef<std::__1::optional<llvm::StringRef>>, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>>*, bool*) const /b/sanitizer-aarch64-linux-bootstrap-msan/build/llvm-project/clang/lib/Driver/Job.cpp:428:12
    #61 0xaaaaebbf7d68 in clang::driver::Compilation::ExecuteCommand(clang::driver::Command const&, clang::driver::Command const*&, bool) const /b/sanitizer-aarch64-linux-bootstrap-msan/build/llvm-project/clang/lib/Driver/Compilation.cpp:199:15
    #62 0xaaaaebbf8a60 in clang::driver::Compilation::ExecuteJobs(clang::driver::JobList const&, llvm::SmallVectorImpl<std::__1::pair<int, clang::driver::Command const*>>&, bool) const /b/sanitizer-aarch64-linux-bootstrap-msan/build/llvm-project/clang/lib/Driver/Compilation.cpp:253:19
    #63 0xaaaaebc4edcc in clang::driver::Driver::ExecuteCompilation(clang::driver::Compilation&, llvm::SmallVectorImpl<std::__1::pair<int, clang::driver::Command const*>>&) /b/sanitizer-aarch64-linux-bootstrap-msan/build/llvm-project/clang/lib/Driver/Driver.cpp:1853:5
    #64 0xaaaae234449c in clang_main(int, char**) /b/sanitizer-aarch64-linux-bootstrap-msan/build/llvm-project/clang/tools/driver/driver.cpp:562:21
    #65 0xffff861a73f8  (/lib/aarch64-linux-gnu/libc.so.6+0x273f8) (BuildId: f37f3aa07c797e333fd106472898d361f71798f5)
    #66 0xffff861a74c8 in __libc_start_main (/lib/aarch64-linux-gnu/libc.so.6+0x274c8) (BuildId: f37f3aa07c797e333fd106472898d361f71798f5)
    #67 0xaaaae22b4a2c in _start (/b/sanitizer-aarch64-linux-bootstrap-msan/build/llvm_build_msan_track_origins/bin/clang-17+0x5934a2c)
  Uninitialized value was created by an allocation of 'Mangler' in the stack frame
    #0 0xaaaaf3840e88 in (anonymous namespace)::ItaniumMangleContextImpl::mangleCXXRTTIName(clang::QualType, llvm::raw_ostream&, bool) /b/sanitizer-aarch64-linux-bootstrap-msan/build/llvm-project/clang/lib/AST/ItaniumMangle.cpp:6624:3
hctim added a reverting change: rGb88ebb3d94cb: Revert "Add CFI integer types normalization".Feb 2 2023, 3:52 PM
rcvalle reopened this revision.Feb 7 2023, 9:11 PM
rcvalle marked 4 inline comments as done.
This revision is now accepted and ready to land.Feb 7 2023, 9:11 PM
rcvalle updated this revision to Diff 495718.Feb 7 2023, 9:12 PM

Fixed use of uninitialized value

Harbormaster completed remote builds in B212523: Diff 495718.Feb 7 2023, 10:38 PM
rcvalle updated this revision to Diff 495860.Feb 8 2023, 8:23 AM

Fixed initialization order warning

Harbormaster completed remote builds in B212621: Diff 495860.Feb 8 2023, 10:10 AM
samitolvanen accepted this revision.Feb 8 2023, 2:23 PM

Thanks for fixing the MSan issue, Ramon. There's still a clang-format error that trips the Debian build above, but it's trivial so I can fix it when relanding the patch.

This revision was landed with ongoing or failed builds.Feb 8 2023, 2:25 PM
Closed by commit rG71c7313f42d2: Add CFI integer types normalization (authored by rcvalle, committed by samitolvanen). · Explain Why
This revision was automatically updated to reflect the committed changes.
samitolvanen added a commit: rG71c7313f42d2: Add CFI integer types normalization.

Revision Contents

PathSize
clang/
docs/
19 lines
8 lines
include/
clang/
AST/
6 lines
Basic/
2 lines
Driver/
4 lines
1 line
lib/
AST/
104 lines
13 lines
CodeGen/
13 lines
Driver/
6 lines
test/
CodeGen/
78 lines
29 lines
33 lines

Diff 493991

clang/docs/ControlFlowIntegrity.rst

Show First 20 LinesShow All 230 Lines▼ Show 20 Lines
Specifically, pointers in return and argument types are treated as equivalent as Specifically, pointers in return and argument types are treated as equivalent as
long as the qualifiers for the type they point to match. For example, ``char*``, long as the qualifiers for the type they point to match. For example, ``char*``,
``char**``, and ``int*`` are considered equivalent types. However, ``char*`` and ``char**``, and ``int*`` are considered equivalent types. However, ``char*`` and
``const char*`` are considered separate types. ``const char*`` are considered separate types.
``-fsanitize-cfi-icall-generalize-pointers`` is not compatible with ``-fsanitize-cfi-icall-generalize-pointers`` is not compatible with
``-fsanitize-cfi-cross-dso``. ``-fsanitize-cfi-cross-dso``.
.. _cfi-icall-experimental-normalize-integers:
``-fsanitize-cfi-icall-experimental-normalize-integers``
samitolvanenUnsubmitted
Done
ReplyInline Actions

An extra dash in the title.

samitolvanen: An extra dash in the title.
rcvalleAuthorUnsubmitted
Done
ReplyInline Actions

Fixed. Thank you!

rcvalle: Fixed. Thank you!
--------------------------------------------------------
This option enables normalizing integer types as vendor extended types for
cross-language LLVM CFI/KCFI support with other languages that can't represent
and encode C/C++ integer types.
Specifically, integer types are encoded as their defined representations (e.g.,
8-bit signed integer, 16-bit signed integer, 32-bit signed integer, ...) for
compatibility with languages that define explicitly-sized integer types (e.g.,
i8, i16, i32, ..., in Rust).
``-fsanitize-cfi-icall-experimental-normalize-integers`` is compatible with
``-fsanitize-cfi-icall-generalize-pointers``.
This option is currently experimental.
.. _cfi-canonical-jump-tables: .. _cfi-canonical-jump-tables:
``-fsanitize-cfi-canonical-jump-tables`` ``-fsanitize-cfi-canonical-jump-tables``
---------------------------------------- ----------------------------------------
The default behavior of Clang's indirect function call checker will replace The default behavior of Clang's indirect function call checker will replace
the address of each CFI-checked function in the output file's symbol table the address of each CFI-checked function in the output file's symbol table
with the address of a jump table entry which will pass CFI checks. We refer with the address of a jump table entry which will pass CFI checks. We refer
▲ Show 20 LinesShow All 159 LinesShow Last 20 Lines

clang/docs/UsersManual.rst

Show First 20 LinesShow All 1,986 Lines▼ Show 20 Lines.. option:: -fsanitize-cfi-cross-dso
of cross-DSO virtual and indirect calls. of cross-DSO virtual and indirect calls.
.. option:: -fsanitize-cfi-icall-generalize-pointers .. option:: -fsanitize-cfi-icall-generalize-pointers
Generalize pointers in return and argument types in function type signatures Generalize pointers in return and argument types in function type signatures
checked by Control Flow Integrity indirect call checking. See checked by Control Flow Integrity indirect call checking. See
:doc:`ControlFlowIntegrity` for more details. :doc:`ControlFlowIntegrity` for more details.
.. option:: -fsanitize-cfi-icall-experimental-normalize-integers
Normalize integers in return and argument types in function type signatures
checked by Control Flow Integrity indirect call checking. See
:doc:`ControlFlowIntegrity` for more details.
This option is currently experimental.
.. option:: -fstrict-vtable-pointers .. option:: -fstrict-vtable-pointers
Enable optimizations based on the strict rules for overwriting polymorphic Enable optimizations based on the strict rules for overwriting polymorphic
C++ objects, i.e. the vptr is invariant during an object's lifetime. C++ objects, i.e. the vptr is invariant during an object's lifetime.
This enables better devirtualization. Turned off by default, because it is This enables better devirtualization. Turned off by default, because it is
still experimental. still experimental.
.. option:: -fwhole-program-vtables .. option:: -fwhole-program-vtables
▲ Show 20 LinesShow All 2,461 LinesShow Last 20 Lines

clang/include/clang/AST/Mangle.h

Show First 20 LinesShow All 134 Lines▼ Show 20 Lines virtual void mangleThunk(const CXXMethodDecl *MD,
raw_ostream &) = 0; raw_ostream &) = 0;
virtual void mangleCXXDtorThunk(const CXXDestructorDecl *DD, CXXDtorType Type, virtual void mangleCXXDtorThunk(const CXXDestructorDecl *DD, CXXDtorType Type,
const ThisAdjustment &ThisAdjustment, const ThisAdjustment &ThisAdjustment,
raw_ostream &) = 0; raw_ostream &) = 0;
virtual void mangleReferenceTemporary(const VarDecl *D, virtual void mangleReferenceTemporary(const VarDecl *D,
unsigned ManglingNumber, unsigned ManglingNumber,
raw_ostream &) = 0; raw_ostream &) = 0;
virtual void mangleCXXRTTI(QualType T, raw_ostream &) = 0; virtual void mangleCXXRTTI(QualType T, raw_ostream &) = 0;
virtual void mangleCXXRTTIName(QualType T, raw_ostream &) = 0; virtual void mangleCXXRTTIName(QualType T, raw_ostream &,
bool NormalizeIntegers = false) = 0;
virtual void mangleStringLiteral(const StringLiteral *SL, raw_ostream &) = 0; virtual void mangleStringLiteral(const StringLiteral *SL, raw_ostream &) = 0;
virtual void mangleMSGuidDecl(const MSGuidDecl *GD, raw_ostream&); virtual void mangleMSGuidDecl(const MSGuidDecl *GD, raw_ostream&);
void mangleGlobalBlock(const BlockDecl *BD, void mangleGlobalBlock(const BlockDecl *BD,
const NamedDecl *ID, const NamedDecl *ID,
raw_ostream &Out); raw_ostream &Out);
void mangleCtorBlock(const CXXConstructorDecl *CD, CXXCtorType CT, void mangleCtorBlock(const CXXConstructorDecl *CD, CXXCtorType CT,
const BlockDecl *BD, raw_ostream &Out); const BlockDecl *BD, raw_ostream &Out);
Show All 20 Linespublic:
virtual void mangleSEHFinallyBlock(GlobalDecl EnclosingDecl, virtual void mangleSEHFinallyBlock(GlobalDecl EnclosingDecl,
raw_ostream &Out) = 0; raw_ostream &Out) = 0;
/// Generates a unique string for an externally visible type for use with TBAA /// Generates a unique string for an externally visible type for use with TBAA
/// or type uniquing. /// or type uniquing.
/// TODO: Extend this to internal types by generating names that are unique /// TODO: Extend this to internal types by generating names that are unique
/// across translation units so it can be used with LTO. /// across translation units so it can be used with LTO.
virtual void mangleTypeName(QualType T, raw_ostream &) = 0; virtual void mangleTypeName(QualType T, raw_ostream &,
bool NormalizeIntegers = false) = 0;
/// @} /// @}
}; };
class ItaniumMangleContext : public MangleContext { class ItaniumMangleContext : public MangleContext {
public: public:
using DiscriminatorOverrideTy = using DiscriminatorOverrideTy =
std::optional<unsigned> (*)(ASTContext &, const NamedDecl *); std::optional<unsigned> (*)(ASTContext &, const NamedDecl *);
▲ Show 20 LinesShow All 130 LinesShow Last 20 Lines

clang/include/clang/Basic/CodeGenOptions.def

Show First 20 LinesShow All 251 Lines▼ Show 20 LinesCODEGENOPT(SanitizeMemoryParamRetval, 1, 0) ///< Enable detection of uninitialized
///< in MemorySanitizer ///< in MemorySanitizer
CODEGENOPT(SanitizeMemoryUseAfterDtor, 1, 0) ///< Enable use-after-delete detection CODEGENOPT(SanitizeMemoryUseAfterDtor, 1, 0) ///< Enable use-after-delete detection
///< in MemorySanitizer ///< in MemorySanitizer
CODEGENOPT(SanitizeCfiCrossDso, 1, 0) ///< Enable cross-dso support in CFI. CODEGENOPT(SanitizeCfiCrossDso, 1, 0) ///< Enable cross-dso support in CFI.
CODEGENOPT(SanitizeMinimalRuntime, 1, 0) ///< Use "_minimal" sanitizer runtime for CODEGENOPT(SanitizeMinimalRuntime, 1, 0) ///< Use "_minimal" sanitizer runtime for
///< diagnostics. ///< diagnostics.
CODEGENOPT(SanitizeCfiICallGeneralizePointers, 1, 0) ///< Generalize pointer types in CODEGENOPT(SanitizeCfiICallGeneralizePointers, 1, 0) ///< Generalize pointer types in
///< CFI icall function signatures ///< CFI icall function signatures
CODEGENOPT(SanitizeCfiICallNormalizeIntegers, 1, 0) ///< Normalize integer types in
///< CFI icall function signatures
CODEGENOPT(SanitizeCfiCanonicalJumpTables, 1, 0) ///< Make jump table symbols canonical CODEGENOPT(SanitizeCfiCanonicalJumpTables, 1, 0) ///< Make jump table symbols canonical
///< instead of creating a local jump table. ///< instead of creating a local jump table.
CODEGENOPT(SanitizeCoverageType, 2, 0) ///< Type of sanitizer coverage CODEGENOPT(SanitizeCoverageType, 2, 0) ///< Type of sanitizer coverage
///< instrumentation. ///< instrumentation.
CODEGENOPT(SanitizeCoverageIndirectCalls, 1, 0) ///< Enable sanitizer coverage CODEGENOPT(SanitizeCoverageIndirectCalls, 1, 0) ///< Enable sanitizer coverage
///< for indirect calls. ///< for indirect calls.
CODEGENOPT(SanitizeCoverageTraceBB, 1, 0) ///< Enable basic block tracing in CODEGENOPT(SanitizeCoverageTraceBB, 1, 0) ///< Enable basic block tracing in
///< in sanitizer coverage. ///< in sanitizer coverage.
▲ Show 20 LinesShow All 242 LinesShow Last 20 Lines

clang/include/clang/Driver/Options.td

  • This file is larger than 256 KB, so syntax highlighting is disabled by default.
Show First 20 LinesShow All 1,863 Lines▼ Show 20 Linesdefm sanitize_cfi_cross_dso : BoolOption<"f", "sanitize-cfi-cross-dso",
CodeGenOpts<"SanitizeCfiCrossDso">, DefaultFalse, CodeGenOpts<"SanitizeCfiCrossDso">, DefaultFalse,
PosFlag<SetTrue, [], "Enable">, NegFlag<SetFalse, [CoreOption, NoXarchOption], "Disable">, PosFlag<SetTrue, [], "Enable">, NegFlag<SetFalse, [CoreOption, NoXarchOption], "Disable">,
BothFlags<[], " control flow integrity (CFI) checks for cross-DSO calls.">>, BothFlags<[], " control flow integrity (CFI) checks for cross-DSO calls.">>,
Group<f_clang_Group>; Group<f_clang_Group>;
def fsanitize_cfi_icall_generalize_pointers : Flag<["-"], "fsanitize-cfi-icall-generalize-pointers">, def fsanitize_cfi_icall_generalize_pointers : Flag<["-"], "fsanitize-cfi-icall-generalize-pointers">,
Group<f_clang_Group>, Group<f_clang_Group>,
HelpText<"Generalize pointers in CFI indirect call type signature checks">, HelpText<"Generalize pointers in CFI indirect call type signature checks">,
MarshallingInfoFlag<CodeGenOpts<"SanitizeCfiICallGeneralizePointers">>; MarshallingInfoFlag<CodeGenOpts<"SanitizeCfiICallGeneralizePointers">>;
def fsanitize_cfi_icall_normalize_integers : Flag<["-"], "fsanitize-cfi-icall-experimental-normalize-integers">,
Group<f_clang_Group>,
HelpText<"Normalize integers in CFI indirect call type signature checks">,
MarshallingInfoFlag<CodeGenOpts<"SanitizeCfiICallNormalizeIntegers">>;
defm sanitize_cfi_canonical_jump_tables : BoolOption<"f", "sanitize-cfi-canonical-jump-tables", defm sanitize_cfi_canonical_jump_tables : BoolOption<"f", "sanitize-cfi-canonical-jump-tables",
CodeGenOpts<"SanitizeCfiCanonicalJumpTables">, DefaultFalse, CodeGenOpts<"SanitizeCfiCanonicalJumpTables">, DefaultFalse,
PosFlag<SetTrue, [], "Make">, NegFlag<SetFalse, [CoreOption, NoXarchOption], "Do not make">, PosFlag<SetTrue, [], "Make">, NegFlag<SetFalse, [CoreOption, NoXarchOption], "Do not make">,
BothFlags<[], " the jump table addresses canonical in the symbol table">>, BothFlags<[], " the jump table addresses canonical in the symbol table">>,
Group<f_clang_Group>; Group<f_clang_Group>;
defm sanitize_stats : BoolOption<"f", "sanitize-stats", defm sanitize_stats : BoolOption<"f", "sanitize-stats",
CodeGenOpts<"SanitizeStats">, DefaultFalse, CodeGenOpts<"SanitizeStats">, DefaultFalse,
PosFlag<SetTrue, [], "Enable">, NegFlag<SetFalse, [CoreOption, NoXarchOption], "Disable">, PosFlag<SetTrue, [], "Enable">, NegFlag<SetFalse, [CoreOption, NoXarchOption], "Disable">,
▲ Show 20 LinesShow All 5,235 LinesShow Last 20 Lines

clang/include/clang/Driver/SanitizerArgs.h

Show All 31 Linesclass SanitizerArgs {
std::vector<std::string> CoverageIgnorelistFiles; std::vector<std::string> CoverageIgnorelistFiles;
int CoverageFeatures = 0; int CoverageFeatures = 0;
int BinaryMetadataFeatures = 0; int BinaryMetadataFeatures = 0;
int MsanTrackOrigins = 0; int MsanTrackOrigins = 0;
bool MsanUseAfterDtor = true; bool MsanUseAfterDtor = true;
bool MsanParamRetval = true; bool MsanParamRetval = true;
bool CfiCrossDso = false; bool CfiCrossDso = false;
bool CfiICallGeneralizePointers = false; bool CfiICallGeneralizePointers = false;
bool CfiICallNormalizeIntegers = false;
bool CfiCanonicalJumpTables = false; bool CfiCanonicalJumpTables = false;
int AsanFieldPadding = 0; int AsanFieldPadding = 0;
bool SharedRuntime = false; bool SharedRuntime = false;
bool AsanUseAfterScope = true; bool AsanUseAfterScope = true;
bool AsanPoisonCustomArrayCookie = false; bool AsanPoisonCustomArrayCookie = false;
bool AsanGlobalsDeadStripping = false; bool AsanGlobalsDeadStripping = false;
bool AsanUseOdrIndicator = false; bool AsanUseOdrIndicator = false;
bool AsanInvalidPointerCmp = false; bool AsanInvalidPointerCmp = false;
▲ Show 20 LinesShow All 87 LinesShow Last 20 Lines

clang/lib/AST/ItaniumMangle.cpp

Show First 20 LinesShow All 103 Lines▼ Show 20 Lines void mangleCXXDtorThunk(const CXXDestructorDecl *DD, CXXDtorType Type,
raw_ostream &) override; raw_ostream &) override;
void mangleReferenceTemporary(const VarDecl *D, unsigned ManglingNumber, void mangleReferenceTemporary(const VarDecl *D, unsigned ManglingNumber,
raw_ostream &) override; raw_ostream &) override;
void mangleCXXVTable(const CXXRecordDecl *RD, raw_ostream &) override; void mangleCXXVTable(const CXXRecordDecl *RD, raw_ostream &) override;
void mangleCXXVTT(const CXXRecordDecl *RD, raw_ostream &) override; void mangleCXXVTT(const CXXRecordDecl *RD, raw_ostream &) override;
void mangleCXXCtorVTable(const CXXRecordDecl *RD, int64_t Offset, void mangleCXXCtorVTable(const CXXRecordDecl *RD, int64_t Offset,
const CXXRecordDecl *Type, raw_ostream &) override; const CXXRecordDecl *Type, raw_ostream &) override;
void mangleCXXRTTI(QualType T, raw_ostream &) override; void mangleCXXRTTI(QualType T, raw_ostream &) override;
void mangleCXXRTTIName(QualType T, raw_ostream &) override; void mangleCXXRTTIName(QualType T, raw_ostream &,
void mangleTypeName(QualType T, raw_ostream &) override; bool NormalizeIntegers) override;
void mangleTypeName(QualType T, raw_ostream &,
bool NormalizeIntegers) override;
void mangleCXXCtorComdat(const CXXConstructorDecl *D, raw_ostream &) override; void mangleCXXCtorComdat(const CXXConstructorDecl *D, raw_ostream &) override;
void mangleCXXDtorComdat(const CXXDestructorDecl *D, raw_ostream &) override; void mangleCXXDtorComdat(const CXXDestructorDecl *D, raw_ostream &) override;
void mangleStaticGuardVariable(const VarDecl *D, raw_ostream &) override; void mangleStaticGuardVariable(const VarDecl *D, raw_ostream &) override;
void mangleDynamicInitializer(const VarDecl *D, raw_ostream &Out) override; void mangleDynamicInitializer(const VarDecl *D, raw_ostream &Out) override;
void mangleDynamicAtExitDestructor(const VarDecl *D, void mangleDynamicAtExitDestructor(const VarDecl *D,
raw_ostream &Out) override; raw_ostream &Out) override;
void mangleDynamicStermFinalizer(const VarDecl *D, raw_ostream &Out) override; void mangleDynamicStermFinalizer(const VarDecl *D, raw_ostream &Out) override;
▲ Show 20 LinesShow All 88 Lines▼ Show 20 Linespublic:
/// @} /// @}
}; };
/// Manage the mangling of a single name. /// Manage the mangling of a single name.
class CXXNameMangler { class CXXNameMangler {
ItaniumMangleContextImpl &Context; ItaniumMangleContextImpl &Context;
raw_ostream &Out; raw_ostream &Out;
/// Normalize integer types for cross-language CFI support with other
/// languages that can't represent and encode C/C++ integer types.
bool NormalizeIntegers = false;
bool NullOut = false; bool NullOut = false;
/// In the "DisableDerivedAbiTags" mode derived ABI tags are not calculated. /// In the "DisableDerivedAbiTags" mode derived ABI tags are not calculated.
/// This mode is used when mangler creates another mangler recursively to /// This mode is used when mangler creates another mangler recursively to
/// calculate ABI tags for the function return value or the variable type. /// calculate ABI tags for the function return value or the variable type.
/// Also it is required to avoid infinite recursion in some cases. /// Also it is required to avoid infinite recursion in some cases.
bool DisableDerivedAbiTags = false; bool DisableDerivedAbiTags = false;
/// The "structor" is the top-level declaration being mangled, if /// The "structor" is the top-level declaration being mangled, if
▲ Show 20 LinesShow All 182 Lines▼ Show 20 Lines CXXNameMangler(ItaniumMangleContextImpl &C, raw_ostream &Out_,
const CXXConstructorDecl *D, CXXCtorType Type) const CXXConstructorDecl *D, CXXCtorType Type)
: Context(C), Out(Out_), Structor(getStructor(D)), StructorType(Type), : Context(C), Out(Out_), Structor(getStructor(D)), StructorType(Type),
AbiTagsRoot(AbiTags) {} AbiTagsRoot(AbiTags) {}
CXXNameMangler(ItaniumMangleContextImpl &C, raw_ostream &Out_, CXXNameMangler(ItaniumMangleContextImpl &C, raw_ostream &Out_,
const CXXDestructorDecl *D, CXXDtorType Type) const CXXDestructorDecl *D, CXXDtorType Type)
: Context(C), Out(Out_), Structor(getStructor(D)), StructorType(Type), : Context(C), Out(Out_), Structor(getStructor(D)), StructorType(Type),
AbiTagsRoot(AbiTags) {} AbiTagsRoot(AbiTags) {}
CXXNameMangler(ItaniumMangleContextImpl &C, raw_ostream &Out_,
bool NormalizeIntegers_)
: Context(C), Out(Out_), NormalizeIntegers(NormalizeIntegers_),
NullOut(false), AbiTagsRoot(AbiTags) {}
CXXNameMangler(CXXNameMangler &Outer, raw_ostream &Out_) CXXNameMangler(CXXNameMangler &Outer, raw_ostream &Out_)
: Context(Outer.Context), Out(Out_), Structor(Outer.Structor), : Context(Outer.Context), Out(Out_), Structor(Outer.Structor),
StructorType(Outer.StructorType), SeqID(Outer.SeqID), StructorType(Outer.StructorType), SeqID(Outer.SeqID),
FunctionTypeDepth(Outer.FunctionTypeDepth), AbiTagsRoot(AbiTags), FunctionTypeDepth(Outer.FunctionTypeDepth), AbiTagsRoot(AbiTags),
Substitutions(Outer.Substitutions), Substitutions(Outer.Substitutions),
ModuleSubstitutions(Outer.ModuleSubstitutions) {} ModuleSubstitutions(Outer.ModuleSubstitutions) {}
CXXNameMangler(CXXNameMangler &Outer, llvm::raw_null_ostream &Out_) CXXNameMangler(CXXNameMangler &Outer, llvm::raw_null_ostream &Out_)
▲ Show 20 LinesShow All 2,508 Lines▼ Show 20 Linesvoid CXXNameMangler::mangleType(const BuiltinType *T) {
// UNSUPPORTED: ::= Df # IEEE 754r decimal floating point (32 bits) // UNSUPPORTED: ::= Df # IEEE 754r decimal floating point (32 bits)
// ::= Dh # IEEE 754r half-precision floating point (16 bits) // ::= Dh # IEEE 754r half-precision floating point (16 bits)
// ::= DF <number> _ # ISO/IEC TS 18661 binary floating point type _FloatN (N bits); // ::= DF <number> _ # ISO/IEC TS 18661 binary floating point type _FloatN (N bits);
// ::= Di # char32_t // ::= Di # char32_t
// ::= Ds # char16_t // ::= Ds # char16_t
// ::= Dn # std::nullptr_t (i.e., decltype(nullptr)) // ::= Dn # std::nullptr_t (i.e., decltype(nullptr))
// ::= u <source-name> # vendor extended type // ::= u <source-name> # vendor extended type
std::string type_name; std::string type_name;
// Normalize integer types as vendor extended types:
// u<length>i<type size>
// u<length>u<type size>
if (NormalizeIntegers && T->isInteger()) {
pccUnsubmitted
Not Done
ReplyInline Actions

isInteger() will return true for enums, but only if they are complete. This would mean that code such as

void (*f)(enum E *e);

void g() {
  f(0);
}

would use a different encoding to call f depending on whether the TU completes the enum E, if pointee types are considered part of the encoding.

pcc: `isInteger()` will return true for enums, but only if they are complete. This would mean that…
rcvalleAuthorUnsubmitted
Not Done
ReplyInline Actions

Isn't isIntegerType() that does that? isInteger() definition is:

bool isInteger() const {
  return getKind() >= Bool && getKind() <= Int128;
}
rcvalle: Isn't `isIntegerType()` that does that? `isInteger()` definition is: ``` bool isInteger()…
pccUnsubmitted
Not Done
ReplyInline Actions

Ah yes, sorry, somehow I read this as a call to isIntegerType().

pcc: Ah yes, sorry, somehow I read this as a call to `isIntegerType()`.
if (T->isSignedInteger()) {
switch (getASTContext().getTypeSize(T)) {
case 8:
// Pick a representative for each integer size in the substitution
// dictionary. (Its actual defined size is not relevant.)
if (mangleSubstitution(BuiltinType::SChar))
break;
Out << "u2i8";
addSubstitution(BuiltinType::SChar);
break;
case 16:
if (mangleSubstitution(BuiltinType::Short))
break;
Out << "u3i16";
addSubstitution(BuiltinType::Short);
break;
case 32:
if (mangleSubstitution(BuiltinType::Int))
break;
Out << "u3i32";
addSubstitution(BuiltinType::Int);
break;
case 64:
if (mangleSubstitution(BuiltinType::Long))
break;
Out << "u3i64";
addSubstitution(BuiltinType::Long);
break;
case 128:
if (mangleSubstitution(BuiltinType::Int128))
break;
Out << "u4i128";
addSubstitution(BuiltinType::Int128);
break;
default:
llvm_unreachable("Unknown integer size for normalization");
}
} else {
switch (getASTContext().getTypeSize(T)) {
case 8:
if (mangleSubstitution(BuiltinType::UChar))
break;
Out << "u2u8";
addSubstitution(BuiltinType::UChar);
break;
case 16:
if (mangleSubstitution(BuiltinType::UShort))
break;
Out << "u3u16";
addSubstitution(BuiltinType::UShort);
break;
case 32:
if (mangleSubstitution(BuiltinType::UInt))
break;
Out << "u3u32";
addSubstitution(BuiltinType::UInt);
break;
case 64:
if (mangleSubstitution(BuiltinType::ULong))
break;
Out << "u3u64";
addSubstitution(BuiltinType::ULong);
break;
case 128:
if (mangleSubstitution(BuiltinType::UInt128))
break;
Out << "u4u128";
addSubstitution(BuiltinType::UInt128);
break;
default:
llvm_unreachable("Unknown integer size for normalization");
}
}
return;
}
switch (T->getKind()) { switch (T->getKind()) {
case BuiltinType::Void: case BuiltinType::Void:
Out << 'v'; Out << 'v';
break; break;
case BuiltinType::Bool: case BuiltinType::Bool:
Out << 'b'; Out << 'b';
break; break;
case BuiltinType::Char_U: case BuiltinType::Char_U:
▲ Show 20 LinesShow All 3,576 Lines▼ Show 20 Lines
void ItaniumMangleContextImpl::mangleCXXRTTI(QualType Ty, raw_ostream &Out) { void ItaniumMangleContextImpl::mangleCXXRTTI(QualType Ty, raw_ostream &Out) {
// <special-name> ::= TI <type> # typeinfo structure // <special-name> ::= TI <type> # typeinfo structure
assert(!Ty.hasQualifiers() && "RTTI info cannot have top-level qualifiers"); assert(!Ty.hasQualifiers() && "RTTI info cannot have top-level qualifiers");
CXXNameMangler Mangler(*this, Out); CXXNameMangler Mangler(*this, Out);
Mangler.getStream() << "_ZTI"; Mangler.getStream() << "_ZTI";
Mangler.mangleType(Ty); Mangler.mangleType(Ty);
} }
void ItaniumMangleContextImpl::mangleCXXRTTIName(QualType Ty, void ItaniumMangleContextImpl::mangleCXXRTTIName(
raw_ostream &Out) { QualType Ty, raw_ostream &Out, bool NormalizeIntegers = false) {
// <special-name> ::= TS <type> # typeinfo name (null terminated byte string) // <special-name> ::= TS <type> # typeinfo name (null terminated byte string)
CXXNameMangler Mangler(*this, Out); CXXNameMangler Mangler(*this, Out, NormalizeIntegers);
Mangler.getStream() << "_ZTS"; Mangler.getStream() << "_ZTS";
Mangler.mangleType(Ty); Mangler.mangleType(Ty);
} }
void ItaniumMangleContextImpl::mangleTypeName(QualType Ty, raw_ostream &Out) { void ItaniumMangleContextImpl::mangleTypeName(QualType Ty, raw_ostream &Out,
mangleCXXRTTIName(Ty, Out); bool NormalizeIntegers = false) {
mangleCXXRTTIName(Ty, Out, NormalizeIntegers);
} }
void ItaniumMangleContextImpl::mangleStringLiteral(const StringLiteral *, raw_ostream &) { void ItaniumMangleContextImpl::mangleStringLiteral(const StringLiteral *, raw_ostream &) {
llvm_unreachable("Can't mangle string literals"); llvm_unreachable("Can't mangle string literals");
} }
void ItaniumMangleContextImpl::mangleLambdaSig(const CXXRecordDecl *Lambda, void ItaniumMangleContextImpl::mangleLambdaSig(const CXXRecordDecl *Lambda,
raw_ostream &Out) { raw_ostream &Out) {
Show All 37 Lines

clang/lib/AST/MicrosoftMangle.cpp

Show First 20 LinesShow All 174 Lines▼ Show 20 Lines void mangleCXXThrowInfo(QualType T, bool IsConst, bool IsVolatile,
raw_ostream &Out) override; raw_ostream &Out) override;
void mangleCXXCatchableTypeArray(QualType T, uint32_t NumEntries, void mangleCXXCatchableTypeArray(QualType T, uint32_t NumEntries,
raw_ostream &Out) override; raw_ostream &Out) override;
void mangleCXXCatchableType(QualType T, const CXXConstructorDecl *CD, void mangleCXXCatchableType(QualType T, const CXXConstructorDecl *CD,
CXXCtorType CT, uint32_t Size, uint32_t NVOffset, CXXCtorType CT, uint32_t Size, uint32_t NVOffset,
int32_t VBPtrOffset, uint32_t VBIndex, int32_t VBPtrOffset, uint32_t VBIndex,
raw_ostream &Out) override; raw_ostream &Out) override;
void mangleCXXRTTI(QualType T, raw_ostream &Out) override; void mangleCXXRTTI(QualType T, raw_ostream &Out) override;
void mangleCXXRTTIName(QualType T, raw_ostream &Out) override; void mangleCXXRTTIName(QualType T, raw_ostream &Out,
bool NormalizeIntegers) override;
void mangleCXXRTTIBaseClassDescriptor(const CXXRecordDecl *Derived, void mangleCXXRTTIBaseClassDescriptor(const CXXRecordDecl *Derived,
uint32_t NVOffset, int32_t VBPtrOffset, uint32_t NVOffset, int32_t VBPtrOffset,
uint32_t VBTableOffset, uint32_t Flags, uint32_t VBTableOffset, uint32_t Flags,
raw_ostream &Out) override; raw_ostream &Out) override;
void mangleCXXRTTIBaseClassArray(const CXXRecordDecl *Derived, void mangleCXXRTTIBaseClassArray(const CXXRecordDecl *Derived,
raw_ostream &Out) override; raw_ostream &Out) override;
void mangleCXXRTTIClassHierarchyDescriptor(const CXXRecordDecl *Derived, void mangleCXXRTTIClassHierarchyDescriptor(const CXXRecordDecl *Derived,
raw_ostream &Out) override; raw_ostream &Out) override;
void void
mangleCXXRTTICompleteObjectLocator(const CXXRecordDecl *Derived, mangleCXXRTTICompleteObjectLocator(const CXXRecordDecl *Derived,
ArrayRef<const CXXRecordDecl *> BasePath, ArrayRef<const CXXRecordDecl *> BasePath,
raw_ostream &Out) override; raw_ostream &Out) override;
void mangleTypeName(QualType T, raw_ostream &) override; void mangleTypeName(QualType T, raw_ostream &,
bool NormalizeIntegers) override;
void mangleReferenceTemporary(const VarDecl *, unsigned ManglingNumber, void mangleReferenceTemporary(const VarDecl *, unsigned ManglingNumber,
raw_ostream &) override; raw_ostream &) override;
void mangleStaticGuardVariable(const VarDecl *D, raw_ostream &Out) override; void mangleStaticGuardVariable(const VarDecl *D, raw_ostream &Out) override;
void mangleThreadSafeStaticGuardVariable(const VarDecl *D, unsigned GuardNum, void mangleThreadSafeStaticGuardVariable(const VarDecl *D, unsigned GuardNum,
raw_ostream &Out) override; raw_ostream &Out) override;
void mangleDynamicInitializer(const VarDecl *D, raw_ostream &Out) override; void mangleDynamicInitializer(const VarDecl *D, raw_ostream &Out) override;
void mangleDynamicAtExitDestructor(const VarDecl *D, void mangleDynamicAtExitDestructor(const VarDecl *D,
raw_ostream &Out) override; raw_ostream &Out) override;
▲ Show 20 LinesShow All 3,383 Lines▼ Show 20 Lines
void MicrosoftMangleContextImpl::mangleCXXRTTI(QualType T, raw_ostream &Out) { void MicrosoftMangleContextImpl::mangleCXXRTTI(QualType T, raw_ostream &Out) {
msvc_hashing_ostream MHO(Out); msvc_hashing_ostream MHO(Out);
MicrosoftCXXNameMangler Mangler(*this, MHO); MicrosoftCXXNameMangler Mangler(*this, MHO);
Mangler.getStream() << "??_R0"; Mangler.getStream() << "??_R0";
Mangler.mangleType(T, SourceRange(), MicrosoftCXXNameMangler::QMM_Result); Mangler.mangleType(T, SourceRange(), MicrosoftCXXNameMangler::QMM_Result);
Mangler.getStream() << "@8"; Mangler.getStream() << "@8";
} }
void MicrosoftMangleContextImpl::mangleCXXRTTIName(QualType T, void MicrosoftMangleContextImpl::mangleCXXRTTIName(
raw_ostream &Out) { QualType T, raw_ostream &Out, bool NormalizeIntegers = false) {
MicrosoftCXXNameMangler Mangler(*this, Out); MicrosoftCXXNameMangler Mangler(*this, Out);
Mangler.getStream() << '.'; Mangler.getStream() << '.';
Mangler.mangleType(T, SourceRange(), MicrosoftCXXNameMangler::QMM_Result); Mangler.mangleType(T, SourceRange(), MicrosoftCXXNameMangler::QMM_Result);
} }
void MicrosoftMangleContextImpl::mangleCXXVirtualDisplacementMap( void MicrosoftMangleContextImpl::mangleCXXVirtualDisplacementMap(
const CXXRecordDecl *SrcRD, const CXXRecordDecl *DstRD, raw_ostream &Out) { const CXXRecordDecl *SrcRD, const CXXRecordDecl *DstRD, raw_ostream &Out) {
msvc_hashing_ostream MHO(Out); msvc_hashing_ostream MHO(Out);
▲ Show 20 LinesShow All 150 Lines▼ Show 20 Linesvoid MicrosoftMangleContextImpl::mangleSEHFinallyBlock(
// The function body is in the same comdat as the function with the handler, // The function body is in the same comdat as the function with the handler,
// so the numbering here doesn't have to be the same across TUs. // so the numbering here doesn't have to be the same across TUs.
// //
// <mangled-name> ::= ?fin$ <filter-number> @0 // <mangled-name> ::= ?fin$ <filter-number> @0
Mangler.getStream() << "?fin$" << SEHFinallyIds[EnclosingDecl]++ << "@0@"; Mangler.getStream() << "?fin$" << SEHFinallyIds[EnclosingDecl]++ << "@0@";
Mangler.mangleName(EnclosingDecl); Mangler.mangleName(EnclosingDecl);
} }
void MicrosoftMangleContextImpl::mangleTypeName(QualType T, raw_ostream &Out) { void MicrosoftMangleContextImpl::mangleTypeName(
QualType T, raw_ostream &Out, bool NormalizeIntegers = false) {
// This is just a made up unique string for the purposes of tbaa. undname // This is just a made up unique string for the purposes of tbaa. undname
// does *not* know how to demangle it. // does *not* know how to demangle it.
MicrosoftCXXNameMangler Mangler(*this, Out); MicrosoftCXXNameMangler Mangler(*this, Out);
Mangler.getStream() << '?'; Mangler.getStream() << '?';
Mangler.mangleType(T, SourceRange()); Mangler.mangleType(T, SourceRange());
} }
void MicrosoftMangleContextImpl::mangleReferenceTemporary( void MicrosoftMangleContextImpl::mangleReferenceTemporary(
▲ Show 20 LinesShow All 204 LinesShow Last 20 Lines

clang/lib/CodeGen/CodeGenModule.cpp

  • This file is larger than 256 KB, so syntax highlighting is disabled by default.
Show First 20 LinesShow All 1,721 Lines▼ Show 20 Lines
llvm::ConstantInt *CodeGenModule::CreateKCFITypeId(QualType T) { llvm::ConstantInt *CodeGenModule::CreateKCFITypeId(QualType T) {
if (auto *FnType = T->getAs<FunctionProtoType>()) if (auto *FnType = T->getAs<FunctionProtoType>())
T = getContext().getFunctionType( T = getContext().getFunctionType(
FnType->getReturnType(), FnType->getParamTypes(), FnType->getReturnType(), FnType->getParamTypes(),
FnType->getExtProtoInfo().withExceptionSpec(EST_None)); FnType->getExtProtoInfo().withExceptionSpec(EST_None));
std::string OutName; std::string OutName;
llvm::raw_string_ostream Out(OutName); llvm::raw_string_ostream Out(OutName);
getCXXABI().getMangleContext().mangleTypeName(T, Out); getCXXABI().getMangleContext().mangleTypeName(
T, Out, getCodeGenOpts().SanitizeCfiICallNormalizeIntegers);
pccUnsubmitted
Done
ReplyInline Actions

Is the !! necessary here?

pcc: Is the !! necessary here?
rcvalleAuthorUnsubmitted
Done
ReplyInline Actions

Fixed. Thank you!

rcvalle: Fixed. Thank you!
if (getCodeGenOpts().SanitizeCfiICallNormalizeIntegers)
Out << ".normalized";
return llvm::ConstantInt::get(Int32Ty, return llvm::ConstantInt::get(Int32Ty,
static_cast<uint32_t>(llvm::xxHash64(OutName))); static_cast<uint32_t>(llvm::xxHash64(OutName)));
} }
void CodeGenModule::SetLLVMFunctionAttributes(GlobalDecl GD, void CodeGenModule::SetLLVMFunctionAttributes(GlobalDecl GD,
const CGFunctionInfo &Info, const CGFunctionInfo &Info,
llvm::Function *F, bool IsThunk) { llvm::Function *F, bool IsThunk) {
▲ Show 20 LinesShow All 5,201 Lines▼ Show 20 LinesCodeGenModule::CreateMetadataIdentifierImpl(QualType T, MetadataTypeMap &Map,
llvm::Metadata *&InternalId = Map[T.getCanonicalType()]; llvm::Metadata *&InternalId = Map[T.getCanonicalType()];
if (InternalId) if (InternalId)
return InternalId; return InternalId;
if (isExternallyVisible(T->getLinkage())) { if (isExternallyVisible(T->getLinkage())) {
std::string OutName; std::string OutName;
llvm::raw_string_ostream Out(OutName); llvm::raw_string_ostream Out(OutName);
getCXXABI().getMangleContext().mangleTypeName(T, Out); getCXXABI().getMangleContext().mangleTypeName(
T, Out, getCodeGenOpts().SanitizeCfiICallNormalizeIntegers);
pccUnsubmitted
Done
ReplyInline Actions

Likewise

pcc: Likewise
rcvalleAuthorUnsubmitted
Done
ReplyInline Actions

Fixed. Thank you!

rcvalle: Fixed. Thank you!
if (getCodeGenOpts().SanitizeCfiICallNormalizeIntegers)
Out << ".normalized";
Out << Suffix; Out << Suffix;
InternalId = llvm::MDString::get(getLLVMContext(), Out.str()); InternalId = llvm::MDString::get(getLLVMContext(), Out.str());
} else { } else {
InternalId = llvm::MDNode::getDistinct(getLLVMContext(), InternalId = llvm::MDNode::getDistinct(getLLVMContext(),
llvm::ArrayRef<llvm::Metadata *>()); llvm::ArrayRef<llvm::Metadata *>());
} }
▲ Show 20 LinesShow All 263 LinesShow Last 20 Lines

clang/lib/Driver/SanitizerArgs.cpp

Show First 20 LinesShow All 705 Lines▼ Show 20 LinesSanitizerArgs::SanitizerArgs(const ToolChain &TC,
if (AllAddedKinds & SanitizerKind::CFI) { if (AllAddedKinds & SanitizerKind::CFI) {
// Without PIE, external function address may resolve to a PLT record, which // Without PIE, external function address may resolve to a PLT record, which
// can not be verified by the target module. // can not be verified by the target module.
NeedPIE |= CfiCrossDso; NeedPIE |= CfiCrossDso;
CfiICallGeneralizePointers = CfiICallGeneralizePointers =
Args.hasArg(options::OPT_fsanitize_cfi_icall_generalize_pointers); Args.hasArg(options::OPT_fsanitize_cfi_icall_generalize_pointers);
CfiICallNormalizeIntegers =
Args.hasArg(options::OPT_fsanitize_cfi_icall_normalize_integers);
if (CfiCrossDso && CfiICallGeneralizePointers && DiagnoseErrors) if (CfiCrossDso && CfiICallGeneralizePointers && DiagnoseErrors)
D.Diag(diag::err_drv_argument_not_allowed_with) D.Diag(diag::err_drv_argument_not_allowed_with)
<< "-fsanitize-cfi-cross-dso" << "-fsanitize-cfi-cross-dso"
<< "-fsanitize-cfi-icall-generalize-pointers"; << "-fsanitize-cfi-icall-generalize-pointers";
CfiCanonicalJumpTables = CfiCanonicalJumpTables =
Args.hasFlag(options::OPT_fsanitize_cfi_canonical_jump_tables, Args.hasFlag(options::OPT_fsanitize_cfi_canonical_jump_tables,
options::OPT_fno_sanitize_cfi_canonical_jump_tables, true); options::OPT_fno_sanitize_cfi_canonical_jump_tables, true);
▲ Show 20 LinesShow All 488 Lines▼ Show 20 Linesvoid SanitizerArgs::addArgs(const ToolChain &TC, const llvm::opt::ArgList &Args,
} }
if (CfiCrossDso) if (CfiCrossDso)
CmdArgs.push_back("-fsanitize-cfi-cross-dso"); CmdArgs.push_back("-fsanitize-cfi-cross-dso");
if (CfiICallGeneralizePointers) if (CfiICallGeneralizePointers)
CmdArgs.push_back("-fsanitize-cfi-icall-generalize-pointers"); CmdArgs.push_back("-fsanitize-cfi-icall-generalize-pointers");
if (CfiICallNormalizeIntegers)
CmdArgs.push_back("-fsanitize-cfi-icall-experimental-normalize-integers");
if (CfiCanonicalJumpTables) if (CfiCanonicalJumpTables)
CmdArgs.push_back("-fsanitize-cfi-canonical-jump-tables"); CmdArgs.push_back("-fsanitize-cfi-canonical-jump-tables");
if (Stats) if (Stats)
CmdArgs.push_back("-fsanitize-stats"); CmdArgs.push_back("-fsanitize-stats");
if (MinimalRuntime) if (MinimalRuntime)
CmdArgs.push_back("-fsanitize-minimal-runtime"); CmdArgs.push_back("-fsanitize-minimal-runtime");
▲ Show 20 LinesShow All 222 LinesShow Last 20 Lines

clang/test/CodeGen/cfi-icall-normalize.c

  • This file was added.
// RUN: %clang_cc1 -triple x86_64-unknown-linux -fsanitize=cfi-icall -fsanitize-trap=cfi-icall -fsanitize-cfi-icall-experimental-normalize-integers -emit-llvm -o - %s | FileCheck %s
// Test that integer types are normalized for cross-language CFI support with
// other languages that can't represent and encode C/C++ integer types.
void foo0(char arg) { }
// CHECK: define{{.*}}foo0{{.*}}!type ![[TYPE0:[0-9]+]] !type !{{[0-9]+}}
void foo1(char arg1, signed char arg2) { }
// CHECK: define{{.*}}foo1{{.*}}!type ![[TYPE1:[0-9]+]] !type !{{[0-9]+}}
void foo2(char arg1, signed char arg2, signed char arg3) { }
// CHECK: define{{.*}}foo2{{.*}}!type ![[TYPE2:[0-9]+]] !type !{{[0-9]+}}
void foo3(int arg) { }
// CHECK: define{{.*}}foo3{{.*}}!type ![[TYPE3:[0-9]+]] !type !{{[0-9]+}}
void foo4(int arg1, int arg2) { }
// CHECK: define{{.*}}foo4{{.*}}!type ![[TYPE4:[0-9]+]] !type !{{[0-9]+}}
void foo5(int arg1, int arg2, int arg3) { }
// CHECK: define{{.*}}foo5{{.*}}!type ![[TYPE5:[0-9]+]] !type !{{[0-9]+}}
void foo6(long arg) { }
// CHECK: define{{.*}}foo6{{.*}}!type ![[TYPE6:[0-9]+]] !type !{{[0-9]+}}
void foo7(long arg1, long long arg2) { }
// CHECK: define{{.*}}foo7{{.*}}!type ![[TYPE7:[0-9]+]] !type !{{[0-9]+}}
void foo8(long arg1, long long arg2, long long arg3) { }
// CHECK: define{{.*}}foo8{{.*}}!type ![[TYPE8:[0-9]+]] !type !{{[0-9]+}}
void foo9(short arg) { }
// CHECK: define{{.*}}foo9{{.*}}!type ![[TYPE9:[0-9]+]] !type !{{[0-9]+}}
void foo10(short arg1, short arg2) { }
// CHECK: define{{.*}}foo10{{.*}}!type ![[TYPE10:[0-9]+]] !type !{{[0-9]+}}
void foo11(short arg1, short arg2, short arg3) { }
// CHECK: define{{.*}}foo11{{.*}}!type ![[TYPE11:[0-9]+]] !type !{{[0-9]+}}
void foo12(unsigned char arg) { }
// CHECK: define{{.*}}foo12{{.*}}!type ![[TYPE12:[0-9]+]] !type !{{[0-9]+}}
void foo13(unsigned char arg1, unsigned char arg2) { }
// CHECK: define{{.*}}foo13{{.*}}!type ![[TYPE13:[0-9]+]] !type !{{[0-9]+}}
void foo14(unsigned char arg1, unsigned char arg2, unsigned char arg3) { }
// CHECK: define{{.*}}foo14{{.*}}!type ![[TYPE14:[0-9]+]] !type !{{[0-9]+}}
void foo15(unsigned int arg) { }
// CHECK: define{{.*}}foo15{{.*}}!type ![[TYPE15:[0-9]+]] !type !{{[0-9]+}}
void foo16(unsigned int arg1, unsigned int arg2) { }
// CHECK: define{{.*}}foo16{{.*}}!type ![[TYPE16:[0-9]+]] !type !{{[0-9]+}}
void foo17(unsigned int arg1, unsigned int arg2, unsigned int arg3) { }
// CHECK: define{{.*}}foo17{{.*}}!type ![[TYPE17:[0-9]+]] !type !{{[0-9]+}}
void foo18(unsigned long arg) { }
// CHECK: define{{.*}}foo18{{.*}}!type ![[TYPE18:[0-9]+]] !type !{{[0-9]+}}
void foo19(unsigned long arg1, unsigned long long arg2) { }
// CHECK: define{{.*}}foo19{{.*}}!type ![[TYPE19:[0-9]+]] !type !{{[0-9]+}}
void foo20(unsigned long arg1, unsigned long long arg2, unsigned long long arg3) { }
// CHECK: define{{.*}}foo20{{.*}}!type ![[TYPE20:[0-9]+]] !type !{{[0-9]+}}
void foo21(unsigned short arg) { }
// CHECK: define{{.*}}foo21{{.*}}!type ![[TYPE21:[0-9]+]] !type !{{[0-9]+}}
void foo22(unsigned short arg1, unsigned short arg2) { }
// CHECK: define{{.*}}foo22{{.*}}!type ![[TYPE22:[0-9]+]] !type !{{[0-9]+}}
void foo23(unsigned short arg1, unsigned short arg2, unsigned short arg3) { }
// CHECK: define{{.*}}foo23{{.*}}!type ![[TYPE23:[0-9]+]] !type !{{[0-9]+}}
// CHECK: ![[TYPE0]] = !{i64 0, !"_ZTSFvu2i8E.normalized"}
// CHECK: ![[TYPE1]] = !{i64 0, !"_ZTSFvu2i8S_E.normalized"}
// CHECK: ![[TYPE2]] = !{i64 0, !"_ZTSFvu2i8S_S_E.normalized"}
// CHECK: ![[TYPE3]] = !{i64 0, !"_ZTSFvu3i32E.normalized"}
// CHECK: ![[TYPE4]] = !{i64 0, !"_ZTSFvu3i32S_E.normalized"}
// CHECK: ![[TYPE5]] = !{i64 0, !"_ZTSFvu3i32S_S_E.normalized"}
// CHECK: ![[TYPE6]] = !{i64 0, !"_ZTSFvu3i64E.normalized"}
// CHECK: ![[TYPE7]] = !{i64 0, !"_ZTSFvu3i64S_E.normalized"}
// CHECK: ![[TYPE8]] = !{i64 0, !"_ZTSFvu3i64S_S_E.normalized"}
// CHECK: ![[TYPE9]] = !{i64 0, !"_ZTSFvu3i16E.normalized"}
// CHECK: ![[TYPE10]] = !{i64 0, !"_ZTSFvu3i16S_E.normalized"}
// CHECK: ![[TYPE11]] = !{i64 0, !"_ZTSFvu3i16S_S_E.normalized"}
// CHECK: ![[TYPE12]] = !{i64 0, !"_ZTSFvu2u8E.normalized"}
// CHECK: ![[TYPE13]] = !{i64 0, !"_ZTSFvu2u8S_E.normalized"}
// CHECK: ![[TYPE14]] = !{i64 0, !"_ZTSFvu2u8S_S_E.normalized"}
// CHECK: ![[TYPE15]] = !{i64 0, !"_ZTSFvu3u32E.normalized"}
// CHECK: ![[TYPE16]] = !{i64 0, !"_ZTSFvu3u32S_E.normalized"}
// CHECK: ![[TYPE17]] = !{i64 0, !"_ZTSFvu3u32S_S_E.normalized"}
// CHECK: ![[TYPE18]] = !{i64 0, !"_ZTSFvu3u64E.normalized"}
// CHECK: ![[TYPE19]] = !{i64 0, !"_ZTSFvu3u64S_E.normalized"}
// CHECK: ![[TYPE20]] = !{i64 0, !"_ZTSFvu3u64S_S_E.normalized"}
// CHECK: ![[TYPE21]] = !{i64 0, !"_ZTSFvu3u16E.normalized"}
pccUnsubmitted
Done
ReplyInline Actions

Shouldn't these all be checking for specific types? Since you're specifying a triple, the width and signedness of the integer types are fixed.

pcc: Shouldn't these all be checking for specific types? Since you're specifying a triple, the width…
rcvalleAuthorUnsubmitted
Done
ReplyInline Actions

Fixed. Thank you!

rcvalle: Fixed. Thank you!
// CHECK: ![[TYPE22]] = !{i64 0, !"_ZTSFvu3u16S_E.normalized"}
// CHECK: ![[TYPE23]] = !{i64 0, !"_ZTSFvu3u16S_S_E.normalized"}

clang/test/CodeGen/cfi-icall-normalize2.c

  • This file was added.
// RUN: %clang_cc1 -triple x86_64-unknown-linux -fsanitize=cfi-icall -fsanitize-trap=cfi-icall -fsanitize-cfi-icall-experimental-normalize-integers -emit-llvm -o - %s | FileCheck %s
// Test that normalized type metadata for functions are emitted for cross-language CFI support with
// other languages that can't represent and encode C/C++ integer types.
void foo(void (*fn)(int), int arg) {
// CHECK-LABEL: define{{.*}}foo
// CHECK-SAME: {{.*}}!type ![[TYPE1:[0-9]+]] !type !{{[0-9]+}}
// CHECK: call i1 @llvm.type.test({{i8\*|ptr}} {{%f|%0}}, metadata !"_ZTSFvu3i32E.normalized")
fn(arg);
pccUnsubmitted
Done
ReplyInline Actions

Likewise; also below

pcc: Likewise; also below
rcvalleAuthorUnsubmitted
Done
ReplyInline Actions

Fixed. Thank you!

rcvalle: Fixed. Thank you!
}
void bar(void (*fn)(int, int), int arg1, int arg2) {
// CHECK-LABEL: define{{.*}}bar
// CHECK-SAME: {{.*}}!type ![[TYPE2:[0-9]+]] !type !{{[0-9]+}}
// CHECK: call i1 @llvm.type.test({{i8\*|ptr}} {{%f|%0}}, metadata !"_ZTSFvu3i32S_E.normalized")
fn(arg1, arg2);
}
void baz(void (*fn)(int, int, int), int arg1, int arg2, int arg3) {
// CHECK-LABEL: define{{.*}}baz
// CHECK-SAME: {{.*}}!type ![[TYPE3:[0-9]+]] !type !{{[0-9]+}}
// CHECK: call i1 @llvm.type.test({{i8\*|ptr}} {{%f|%0}}, metadata !"_ZTSFvu3i32S_S_E.normalized")
fn(arg1, arg2, arg3);
}
// CHECK: ![[TYPE1]] = !{i64 0, !"_ZTSFvPFvu3i32ES_E.normalized"}
// CHECK: ![[TYPE2]] = !{i64 0, !"_ZTSFvPFvu3i32S_ES_S_E.normalized"}
// CHECK: ![[TYPE3]] = !{i64 0, !"_ZTSFvPFvu3i32S_S_ES_S_S_E.normalized"}

clang/test/CodeGen/kcfi-normalize.c

  • This file was added.
// RUN: %clang_cc1 -triple x86_64-unknown-linux-gnu -emit-llvm -fsanitize=kcfi -fsanitize-cfi-icall-experimental-normalize-integers -o - %s | FileCheck %s
// RUN: %clang_cc1 -triple x86_64-unknown-linux-gnu -emit-llvm -fsanitize=kcfi -fsanitize-cfi-icall-experimental-normalize-integers -x c++ -o - %s | FileCheck %s
#if !__has_feature(kcfi)
#error Missing kcfi?
#endif
// Test that normalized type metadata for functions are emitted for cross-language KCFI support with
// other languages that can't represent and encode C/C++ integer types.
void foo(void (*fn)(int), int arg) {
// CHECK-LABEL: define{{.*}}foo
// CHECK-SAME: {{.*}}!kcfi_type ![[TYPE1:[0-9]+]]
// CHECK: call void %0(i32 noundef %1){{.*}}[ "kcfi"(i32 1162514891) ]
fn(arg);
}
void bar(void (*fn)(int, int), int arg1, int arg2) {
// CHECK-LABEL: define{{.*}}bar
// CHECK-SAME: {{.*}}!kcfi_type ![[TYPE2:[0-9]+]]
// CHECK: call void %0(i32 noundef %1, i32 noundef %2){{.*}}[ "kcfi"(i32 448046469) ]
fn(arg1, arg2);
}
void baz(void (*fn)(int, int, int), int arg1, int arg2, int arg3) {
// CHECK-LABEL: define{{.*}}baz
// CHECK-SAME: {{.*}}!kcfi_type ![[TYPE3:[0-9]+]]
// CHECK: call void %0(i32 noundef %1, i32 noundef %2, i32 noundef %3){{.*}}[ "kcfi"(i32 -2049681433) ]
fn(arg1, arg2, arg3);
}
// CHECK: ![[TYPE1]] = !{i32 -1143117868}
// CHECK: ![[TYPE2]] = !{i32 -460921415}
// CHECK: ![[TYPE3]] = !{i32 -333839615}