This is an archive of the discontinued LLVM Phabricator instance.

Paths

Table of Contentst

-
cfe/trunk/
-
trunk/
-
lib/CodeGen/
-
CodeGen/
-
CodeGenFunction.cpp
-
test/CodeGen/
-
CodeGen/
-
cfi-unrelated-cast.cpp

Differential D36294

CFI: blacklist STL allocate() from unrelated-casts
ClosedPublic

Authored by vlad.tsyrklevich on Aug 3 2017, 4:17 PM.

Download Raw Diff

Details

Reviewers

pcc
kcc

Commits

Summary

Previously, STL allocators were blacklisted in compiler_rt's
cfi_blacklist.txt because they mandated a cast from void* to T* before
object initialization completed. This change moves that logic into the
front end because C++ name mangling supports a substitution compression
mechanism for symbols that makes it difficult to blacklist the mangled
symbol for allocate() using a regular expression.

Motivated by crbug.com/751385.

Diff Detail

Repository: rL LLVM

Event Timeline

vlad.tsyrklevich created this revision.Aug 3 2017, 4:17 PM

pcc added a subscriber: cfe-commits.Aug 3 2017, 4:30 PM

pcc added inline comments.

lib/CodeGen/CodeGenFunction.cpp
785 ↗	(On Diff #109652)	The comment should explain why.
789 ↗	(On Diff #109652)	Should this also match the C++17 allocate function which takes a single argument?
794 ↗	(On Diff #109652)	Maybe better to compare against `ASTContext::getSizeType()`, which should return the builtin type that corresponds to `size_t`.

Address pcc's comments

vlad.tsyrklevich marked an inline comment as done.Aug 3 2017, 5:52 PM

vlad.tsyrklevich added inline comments.

lib/CodeGen/CodeGenFunction.cpp
789 ↗	(On Diff #109652)	absolutely, thanks for catching this!

LGTM

This revision is now accepted and ready to land.Aug 3 2017, 6:00 PM

Closed by commit rL310097: CFI: blacklist STL allocate() from unrelated-casts (authored by vlad.tsyrklevich). · Explain WhyAug 4 2017, 12:10 PM

This revision was automatically updated to reflect the committed changes.

Revision Contents

Path

Size

cfe/

trunk/

lib/

CodeGen/

CodeGenFunction.cpp

27 lines

test/

CodeGen/

cfi-unrelated-cast.cpp

37 lines

Diff 109798

cfe/trunk/lib/CodeGen/CodeGenFunction.cpp

Show First 20 Lines • Show All 717 Lines • ▼ Show 20 Lines	static bool endsWithReturn(const Decl* F) {
return false;		return false;
}		}

static void markAsIgnoreThreadCheckingAtRuntime(llvm::Function *Fn) {		static void markAsIgnoreThreadCheckingAtRuntime(llvm::Function *Fn) {
Fn->addFnAttr("sanitize_thread_no_checking_at_run_time");		Fn->addFnAttr("sanitize_thread_no_checking_at_run_time");
Fn->removeFnAttr(llvm::Attribute::SanitizeThread);		Fn->removeFnAttr(llvm::Attribute::SanitizeThread);
}		}

		static bool matchesStlAllocatorFn(const Decl *D, const ASTContext &Ctx) {
		auto *MD = dyn_cast_or_null<CXXMethodDecl>(D);
		if (!MD \|\| !MD->getName().equals("allocate") \|\|
		(MD->getNumParams() != 1 && MD->getNumParams() != 2))
		return false;

		if (MD->parameters()[0]->getType().getCanonicalType() != Ctx.getSizeType())
		return false;

		if (MD->getNumParams() == 2) {
		auto *PT = MD->parameters()[1]->getType()->getAs<PointerType>();
		if (!PT \|\| !PT->isVoidPointerType() \|\|
		!PT->getPointeeType().isConstQualified())
		return false;
		}

		return true;
		}

void CodeGenFunction::StartFunction(GlobalDecl GD,		void CodeGenFunction::StartFunction(GlobalDecl GD,
QualType RetTy,		QualType RetTy,
llvm::Function *Fn,		llvm::Function *Fn,
const CGFunctionInfo &FnInfo,		const CGFunctionInfo &FnInfo,
const FunctionArgList &Args,		const FunctionArgList &Args,
SourceLocation Loc,		SourceLocation Loc,
SourceLocation StartLoc) {		SourceLocation StartLoc) {
assert(!CurFn &&		assert(!CurFn &&
▲ Show 20 Lines • Show All 43 Lines • ▼ Show 20 Lines	if (const auto *OMD = dyn_cast_or_null<ObjCMethodDecl>(D)) {
}		}
} else if (const auto *FD = dyn_cast_or_null<FunctionDecl>(D)) {		} else if (const auto *FD = dyn_cast_or_null<FunctionDecl>(D)) {
IdentifierInfo *II = FD->getIdentifier();		IdentifierInfo *II = FD->getIdentifier();
if (II && II->isStr("__destroy_helper_block_"))		if (II && II->isStr("__destroy_helper_block_"))
markAsIgnoreThreadCheckingAtRuntime(Fn);		markAsIgnoreThreadCheckingAtRuntime(Fn);
}		}
}		}

		// Ignore unrelated casts in STL allocate() since the allocator must cast
		// from void* to T* before object initialization completes. Don't match on the
		// namespace because not all allocators are in std::
		if (D && SanOpts.has(SanitizerKind::CFIUnrelatedCast)) {
		if (matchesStlAllocatorFn(D, getContext()))
		SanOpts.Mask &= ~SanitizerKind::CFIUnrelatedCast;
		}

// Apply xray attributes to the function (as a string, for now)		// Apply xray attributes to the function (as a string, for now)
if (D && ShouldXRayInstrumentFunction()) {		if (D && ShouldXRayInstrumentFunction()) {
if (const auto *XRayAttr = D->getAttr<XRayInstrumentAttr>()) {		if (const auto *XRayAttr = D->getAttr<XRayInstrumentAttr>()) {
if (XRayAttr->alwaysXRayInstrument())		if (XRayAttr->alwaysXRayInstrument())
Fn->addFnAttr("function-instrument", "xray-always");		Fn->addFnAttr("function-instrument", "xray-always");
if (XRayAttr->neverXRayInstrument())		if (XRayAttr->neverXRayInstrument())
Fn->addFnAttr("function-instrument", "xray-never");		Fn->addFnAttr("function-instrument", "xray-never");
if (const auto *LogArgs = D->getAttr<XRayLogArgsAttr>()) {		if (const auto *LogArgs = D->getAttr<XRayLogArgsAttr>()) {
▲ Show 20 Lines • Show All 1,394 Lines • Show Last 20 Lines

cfe/trunk/test/CodeGen/cfi-unrelated-cast.cpp

				// STL allocators should not have unrelated-cast tests applied
				// RUN: %clang_cc1 -flto -fvisibility hidden -fsanitize=cfi-unrelated-cast -emit-llvm -o - %s \| FileCheck %s

				#include <stddef.h>

				template<class T>
				class myalloc {
				public:
				// CHECK: define{{.*}}allocateE{{.}}
				// CHECK-NOT: llvm.type.test
				T *allocate(size_t sz) {
				return (T*)::operator new(sz);
				}

				// CHECK: define{{.*}}allocateE{{.}}PKv
				// CHECK-NOT: llvm.type.test
				T allocate(size_t sz, const void ptr) {
				return (T*)::operator new(sz);
				}

				// CHECK: define{{.*}}differentName
				// CHECK: llvm.type.test
				T differentName(size_t sz, const void ptr) {
				return (T*)::operator new(sz);
				}
				};

				class C1 {
				virtual void f() {}
				};

				C1 *f1() {
				myalloc<C1> allocator;
				(void)allocator.allocate(16);
				(void)allocator.allocate(16, 0);
				(void)allocator.differentName(16, 0);
				}