This is an archive of the discontinued LLVM Phabricator instance.

Paths

Table of Contentst

-
lib/CodeGen/
-
CodeGen/
10
CGExprCXX.cpp
-
test/CodeGenCXX/
-
CodeGenCXX/
-
typeid-should-throw.cpp

Differential D4416

CodeGen: Properly null-check typeid expressions
ClosedPublic

Authored by majnemer on Jul 8 2014, 12:59 AM.

Download Raw Diff

Details

Reviewers

rsmith

Commits

rG4fbb1b9f9861: CodeGen: Properly null-check typeid expressions
rC213401: CodeGen: Properly null-check typeid expressions
rL213401: CodeGen: Properly null-check typeid expressions

Summary

Thoroughly check for a pointer dereference which yields a glvalue. Look
through casts, comma operators, conditional operators, paren
expressions, etc.

Diff Detail

Event Timeline

majnemer updated this revision to Diff 11143.Jul 8 2014, 12:59 AM

majnemer retitled this revision from to CodeGen: Properly null-check typeid expressions.

majnemer updated this object.

majnemer added a reviewer: rsmith.

majnemer added a subscriber: Unknown Object (MLST).

rsmith added inline comments.Jul 13 2014, 4:53 PM

lib/CodeGen/CGExprCXX.cpp
1618	This doesn't handle ((T)nullptr)[0] Its semantics are defined in terms of a desugaring to ((T*)nullptr + 0) ... so I suppose we should probably handle it here, but it's not entirely clear.
1619	I think this will insert a null check for T p; typeid( (const T&)(T)p ) ... which doesn't seem strictly necessary (though superfluous null checks here seem pretty harmless).

Address Richard's comments.

majnemer added inline comments.Jul 14 2014, 9:47 AM

lib/CodeGen/CGExprCXX.cpp
1618	I've updated `isGLValueFromPointerDeref` to handle this.
1619	I can live with inserting an extra null check here.

Address Richard's comments.

rsmith added inline comments.Jul 15 2014, 4:39 PM

lib/CodeGen/CGExprCXX.cpp
1622	Maybe add a test for the xvalue case; something like `typeid((T&&)(T)nullptr)` ?
1636	How could this not be the case? Also, you have no test coverage for binary conditionals.
1652–1653	Maybe extend this to say that it's not clear what this means, but we use the most generous interpretation.

Closed by commit rL213401 (authored by @majnemer).

lib/CodeGen/CGExprCXX.cpp
1622	Done.
1636	A test has been added, this code has been merged with the `ConditionalOperator` case above.
1652–1653	Done.

Revision Contents

Path

Size

lib/

CodeGen/

CGExprCXX.cpp

34 lines

test/

CodeGenCXX/

typeid-should-throw.cpp

54 lines

Diff 11390

lib/CodeGen/CGExprCXX.cpp

Show First 20 Lines • Show All 1,609 Lines • ▼ Show 20 Lines	void CodeGenFunction::EmitCXXDeleteExpr(const CXXDeleteExpr *E) {
} else {		} else {
EmitObjectDelete(*this, E->getOperatorDelete(), Ptr, DeleteTy,		EmitObjectDelete(*this, E->getOperatorDelete(), Ptr, DeleteTy,
E->isGlobalDelete());		E->isGlobalDelete());
}		}

EmitBlock(DeleteEnd);		EmitBlock(DeleteEnd);
}		}

		static bool isGLValueFromPointerDeref(const Expr *E) {
		rsmithUnsubmitted Not Done Reply Inline Actions This doesn't handle ((T)nullptr)[0] Its semantics are defined in terms of a desugaring to ((T)nullptr + 0) ... so I suppose we should probably handle it here, but it's not entirely clear. rsmith:* This doesn't handle ((T*)nullptr)[0] Its semantics are defined in terms of a desugaring to…
		majnemerAuthorUnsubmitted Not Done Reply Inline Actions I've updated `isGLValueFromPointerDeref` to handle this. majnemer: I've updated `isGLValueFromPointerDeref` to handle this.
		E = E->IgnoreParenCasts();
		rsmithUnsubmitted Not Done Reply Inline Actions I think this will insert a null check for T p; typeid( (const T&)(T)p ) ... which doesn't seem strictly necessary (though superfluous null checks here seem pretty harmless). rsmith: I think this will insert a null check for T p; typeid( (const T&)(T)p ) ... which…
		majnemerAuthorUnsubmitted Not Done Reply Inline Actions I can live with inserting an extra null check here. majnemer: I can live with inserting an extra null check here.

		if (isa<ArraySubscriptExpr>(E))
		return true;
		rsmithUnsubmitted Not Done Reply Inline Actions Maybe add a test for the xvalue case; something like `typeid((T&&)(T)nullptr)` ? rsmith: Maybe add a test for the xvalue case; something like `typeid((T&&)(T)nullptr)` ?
		majnemerAuthorUnsubmitted Not Done Reply Inline Actions Done. majnemer: Done.

		if (const auto *UO = dyn_cast<UnaryOperator>(E))
		if (UO->getOpcode() == UO_Deref)
		return true;

		if (const auto *BO = dyn_cast<BinaryOperator>(E))
		if (BO->getOpcode() == BO_Comma)
		return isGLValueFromPointerDeref(BO->getRHS());

		if (const auto *CO = dyn_cast<ConditionalOperator>(E))
		return isGLValueFromPointerDeref(CO->getTrueExpr()) \|\|
		isGLValueFromPointerDeref(CO->getFalseExpr());

		if (const auto *BCO = dyn_cast<BinaryConditionalOperator>(E))
		rsmithUnsubmitted Not Done Reply Inline Actions How could this not be the case? Also, you have no test coverage for binary conditionals. rsmith: How could this not be the case? Also, you have no test coverage for binary conditionals.
		majnemerAuthorUnsubmitted Not Done Reply Inline Actions A test has been added, this code has been merged with the `ConditionalOperator` case above. majnemer: A test has been added, this code has been merged with the `ConditionalOperator` case above.
		if (const auto *OVE = dyn_cast<OpaqueValueExpr>(BCO->getTrueExpr()))
		return isGLValueFromPointerDeref(OVE->getSourceExpr()) \|\|
		isGLValueFromPointerDeref(BCO->getFalseExpr());

		return false;
		}

static llvm::Value EmitTypeidFromVTable(CodeGenFunction &CGF, const Expr E,		static llvm::Value EmitTypeidFromVTable(CodeGenFunction &CGF, const Expr E,
llvm::Type *StdTypeInfoPtrTy) {		llvm::Type *StdTypeInfoPtrTy) {
// Get the vtable pointer.		// Get the vtable pointer.
llvm::Value *ThisPtr = CGF.EmitLValue(E).getAddress();		llvm::Value *ThisPtr = CGF.EmitLValue(E).getAddress();

// C++ [expr.typeid]p2:		// C++ [expr.typeid]p2:
// If the glvalue expression is obtained by applying the unary * operator to		// If the glvalue expression is obtained by applying the unary * operator to
// a pointer and the pointer is a null pointer value, the typeid expression		// a pointer and the pointer is a null pointer value, the typeid expression
// throws the std::bad_typeid exception.		// throws the std::bad_typeid exception.
bool IsDeref = false;
if (const UnaryOperator *UO = dyn_cast<UnaryOperator>(E->IgnoreParens()))
if (UO->getOpcode() == UO_Deref)
IsDeref = true;

QualType SrcRecordTy = E->getType();		QualType SrcRecordTy = E->getType();
		rsmithUnsubmitted Not Done Reply Inline Actions Maybe extend this to say that it's not clear what this means, but we use the most generous interpretation. rsmith: Maybe extend this to say that it's not clear what this means, but we use the most generous…
		majnemerAuthorUnsubmitted Not Done Reply Inline Actions Done. majnemer: Done.
if (CGF.CGM.getCXXABI().shouldTypeidBeNullChecked(IsDeref, SrcRecordTy)) {		if (CGF.CGM.getCXXABI().shouldTypeidBeNullChecked(
		isGLValueFromPointerDeref(E), SrcRecordTy)) {
llvm::BasicBlock *BadTypeidBlock =		llvm::BasicBlock *BadTypeidBlock =
CGF.createBasicBlock("typeid.bad_typeid");		CGF.createBasicBlock("typeid.bad_typeid");
llvm::BasicBlock *EndBlock = CGF.createBasicBlock("typeid.end");		llvm::BasicBlock *EndBlock = CGF.createBasicBlock("typeid.end");

llvm::Value *IsNull = CGF.Builder.CreateIsNull(ThisPtr);		llvm::Value *IsNull = CGF.Builder.CreateIsNull(ThisPtr);
CGF.Builder.CreateCondBr(IsNull, BadTypeidBlock, EndBlock);		CGF.Builder.CreateCondBr(IsNull, BadTypeidBlock, EndBlock);

CGF.EmitBlock(BadTypeidBlock);		CGF.EmitBlock(BadTypeidBlock);
▲ Show 20 Lines • Show All 145 Lines • Show Last 20 Lines

test/CodeGenCXX/typeid-should-throw.cpp

This file was added.

				// RUN: %clang_cc1 %s -triple %itanium_abi_triple -Wno-unused-value -emit-llvm -o - \| FileCheck %s
				namespace std {
				struct type_info;
				}

				struct A {
				virtual ~A();
				};
				struct B : A {};

				void f1(A x) { typeid(false, x); }
				// CHECK-LABEL: define void @_Z2f1P1A
				// CHECK: icmp eq {{.*}}, null
				// CHECK-NEXT: br i1

				void f2(bool b, A x, A y) { typeid(b ? x : y); }
				// CHECK-LABEL: define void @_Z2f2bP1AS0_
				// CHECK: icmp eq {{.*}}, null
				// CHECK-NEXT: br i1

				void f3(bool b, A x, A &y) { typeid(b ? x : y); }
				// CHECK-LABEL: define void @_Z2f3bP1ARS_
				// CHECK: icmp eq {{.*}}, null
				// CHECK-NEXT: br i1

				void f4(bool b, A &x, A y) { typeid(b ? x : y); }
				// CHECK-LABEL: define void @_Z2f4bR1APS_
				// CHECK: icmp eq {{.*}}, null
				// CHECK-NEXT: br i1

				void f5(volatile A x) { typeid(x); }
				// CHECK-LABEL: define void @_Z2f5PV1A
				// CHECK: icmp eq {{.*}}, null
				// CHECK-NEXT: br i1

				void f6(A x) { typeid((B &)(B *)x); }
				// CHECK-LABEL: define void @_Z2f6P1A
				// CHECK: icmp eq {{.*}}, null
				// CHECK-NEXT: br i1

				void f7(A x) { typeid((x)); }
				// CHECK-LABEL: define void @_Z2f7P1A
				// CHECK: icmp eq {{.*}}, null
				// CHECK-NEXT: br i1

				void f8(A *x) { typeid(x[0]); }
				// CHECK-LABEL: define void @_Z2f8P1A
				// CHECK: icmp eq {{.*}}, null
				// CHECK-NEXT: br i1

				void f9(A *x) { typeid(0[x]); }
				// CHECK-LABEL: define void @_Z2f9P1A
				// CHECK: icmp eq {{.*}}, null
				// CHECK-NEXT: br i1