r242097 - Basic code generation for MSan use-after-dtor.

Alexey Samsonov vonosmas at gmail.com
Mon Jul 13 18:03:52 PDT 2015


On Mon, Jul 13, 2015 at 5:34 PM, Evgeniy Stepanov <eugeni.stepanov at gmail.com> wrote:

> Author: eugenis
> Date: Mon Jul 13 19:34:50 2015
> New Revision: 242097
>
> URL: http://llvm.org/viewvc/llvm-project?rev=242097&view=rev
> Log:
> Basic code generation for MSan use-after-dtor.
>
> Under the -fsanitize-memory-use-after-dtor (disabled by default) insert
> an MSan runtime library call at the end of every destructor.
>
> Patch by Naomi Musgrave.
>
> Added:
>     cfe/trunk/test/CodeGenCXX/sanitize-dtor-callback.cpp
> Modified:
>     cfe/trunk/lib/CodeGen/CGClass.cpp
>
> Modified: cfe/trunk/lib/CodeGen/CGClass.cpp
> URL:
> http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/CodeGen/CGClass.cpp?rev=242097&r1=242096&r2=242097&view=diff
>
> ==============================================================================
> --- cfe/trunk/lib/CodeGen/CGClass.cpp (original)
> +++ cfe/trunk/lib/CodeGen/CGClass.cpp Mon Jul 13 19:34:50 2015
> @@ -1357,6 +1357,25 @@ static bool CanSkipVTablePointerInitiali
>    return true;
>  }
>
> +// Generates function call for handling object poisoning, passing in
> +// references to 'this' and its size as arguments.
> +static void EmitDtorSanitizerCallback(CodeGenFunction &CGF,
> +                                      const CXXDestructorDecl *Dtor) {
> +  const ASTRecordLayout &Layout =
> +      CGF.getContext().getASTRecordLayout(Dtor->getParent());
> +
> +  llvm::Value *Args[] = {
> +      CGF.Builder.CreateBitCast(CGF.LoadCXXThis(), CGF.VoidPtrTy),
> +      llvm::ConstantInt::get(CGF.SizeTy, Layout.getSize().getQuantity())};
> +  llvm::Type *ArgTypes[] = {CGF.VoidPtrTy, CGF.SizeTy};
> +
> +  llvm::FunctionType *FnType =
> +      llvm::FunctionType::get(CGF.VoidTy, ArgTypes, false);
> +  llvm::Value *Fn =
> +      CGF.CGM.CreateRuntimeFunction(FnType, "__sanitizer_dtor_callback");
> +  CGF.EmitNounwindRuntimeCall(Fn, Args);
> +}
> +
>  /// EmitDestructorBody - Emits the body of the current destructor.
>  void CodeGenFunction::EmitDestructorBody(FunctionArgList &Args) {
>    const CXXDestructorDecl *Dtor =
> cast<CXXDestructorDecl>(CurGD.getDecl());
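Review bot: `EmitDtorSanitizerCallback` passes `Layout.getSize()`, the complete-object size of `Dtor->getParent()`, yet it is called from `EmitDestructorBody` for whichever destructor variant is being emitted. For a class with virtual bases the base-object variant would then poison the virtual base subobjects, which are destroyed only afterwards by the complete-object variant, so their destructors would run over storage that has already been poisoned. Either pass `Layout.getNonVirtualSize()` for the base-object variant or add a comment explaining why the full size is correct there. The function comment is also misleading: it says "references to 'this'", but what is emitted is the `this` pointer cast to `i8*` plus the object size in bytes, and it is worth stating that `__sanitizer_dtor_callback` is the entry point the MSan runtime must provide.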
> @@ -1444,6 +1463,10 @@ void CodeGenFunction::EmitDestructorBody
>    // Exit the try if applicable.
>    if (isTryBody)
>      ExitCXXTryStmt(*cast<CXXTryStmt>(Body), true);
> +
> +  // Insert memory-poisoning instrumentation.
> +  if (CGM.getCodeGenOpts().SanitizeMemoryUseAfterDtor)
> +    EmitDtorSanitizerCallback(*this, Dtor);
>  }
>
>  void CodeGenFunction::emitImplicitAssignmentOperatorBody(FunctionArgList
> &Args) {
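Review bot: the new `if` gates only on `CGM.getCodeGenOpts().SanitizeMemoryUseAfterDtor` and never checks whether MemorySanitizer itself is enabled, while the added test only ever passes the flag together with `-fsanitize=memory`. With `-fsanitize-memory-use-after-dtor` alone every destructor would still get a call to `__sanitizer_dtor_callback`, which leaves an unresolved symbol unless the MSan runtime happens to be linked in. Consider `if (CGM.getCodeGenOpts().SanitizeMemoryUseAfterDtor && SanOpts.has(SanitizerKind::Memory))` (or rejecting the combination in the driver), plus a RUN line covering the flag without `-fsanitize=memory`.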
>
> Added: cfe/trunk/test/CodeGenCXX/sanitize-dtor-callback.cpp
> URL:
> http://llvm.org/viewvc/llvm-project/cfe/trunk/test/CodeGenCXX/sanitize-dtor-callback.cpp?rev=242097&view=auto
>
> ==============================================================================
> --- cfe/trunk/test/CodeGenCXX/sanitize-dtor-callback.cpp (added)
> +++ cfe/trunk/test/CodeGenCXX/sanitize-dtor-callback.cpp Mon Jul 13
> 19:34:50 2015
> @@ -0,0 +1,17 @@
> +// Test -fsanitize-memory-use-after-dtor
> +// RUN: %clang_cc1 -fsanitize=memory -fsanitize-memory-use-after-dtor
> -triple=x86_64-pc-linux -emit-llvm -o - %s | FileCheck %s
> +// RUN: %clang_cc1 -fsanitize=memory -triple=x86_64-pc-linux -emit-llvm
> -o - %s | FileCheck %s -check-prefix=NO_DTOR_CHECK
> +
> +struct Simple {
> +  ~Simple() {}
> +};
> +Simple s;
> +// Simple internal member is poisoned by compiler-generated dtor
> +// CHECK-LABEL: @_ZN6SimpleD2Ev
> +// CHECK: call void @__sanitizer_dtor_callback
> +// CHECK: ret void
> +
> +// Compiling without the flag does not generate member-poisoning dtor
> +// NO_DTOR_CHECK-LABEL: @_ZN6SimpleD2Ev
> +// NO_DTOR_CHECK-NOT: call void @sanitizer_dtor_callback
>

^^
Shouldn't this be
  NO_DTOR_CHECK-NOT: call void @__sanitizer_dtor_callback
?


> +// NO_DTOR_CHECK: ret void
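Review bot: as the reply above points out, the `NO_DTOR_CHECK-NOT` line looks for `@sanitizer_dtor_callback`, but the symbol created by the CGClass.cpp hunk is `@__sanitizer_dtor_callback`, so this `-NOT` can never match and the second RUN line would pass even if the callback were emitted unconditionally; it should read `// NO_DTOR_CHECK-NOT: call void @__sanitizer_dtor_callback`. The comment `Simple internal member is poisoned by compiler-generated dtor` does not describe the test either: `Simple` has no members and `~Simple()` is user-written, so say that the callback is appended to the user-provided destructor. Since the arguments are the point of the change, the positive check could pin them as well, e.g. `// CHECK: call void @__sanitizer_dtor_callback(i8* {{.*}}, i64 1)` for the one-byte `Simple`.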



-- 
Alexey Samsonov
vonosmas at gmail.com