<div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Jul 13, 2015 at 5:34 PM, Evgeniy Stepanov <span dir="ltr"><<a href="mailto:eugeni.stepanov@gmail.com" target="_blank">eugeni.stepanov@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">Author: eugenis<br>
Date: Mon Jul 13 19:34:50 2015<br>
New Revision: 242097<br>
<br>
URL: <a href="http://llvm.org/viewvc/llvm-project?rev=242097&view=rev" rel="noreferrer" target="_blank">http://llvm.org/viewvc/llvm-project?rev=242097&view=rev</a><br>
Log:<br>
Basic code generation for MSan use-after-dtor.<br>
<br>
Under the -fsanitize-memory-use-after-dtor flag (disabled by default), insert<br>
an MSan runtime library call at the end of every destructor.<br>
<br>
Patch by Naomi Musgrave.<br>
<br>
Added:<br>
cfe/trunk/test/CodeGenCXX/sanitize-dtor-callback.cpp<br>
Modified:<br>
cfe/trunk/lib/CodeGen/CGClass.cpp<br>
<br>
Modified: cfe/trunk/lib/CodeGen/CGClass.cpp<br>
URL: <a href="http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/CodeGen/CGClass.cpp?rev=242097&r1=242096&r2=242097&view=diff" rel="noreferrer" target="_blank">http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/CodeGen/CGClass.cpp?rev=242097&r1=242096&r2=242097&view=diff</a><br>
==============================================================================<br>
--- cfe/trunk/lib/CodeGen/CGClass.cpp (original)<br>
+++ cfe/trunk/lib/CodeGen/CGClass.cpp Mon Jul 13 19:34:50 2015<br>
@@ -1357,6 +1357,25 @@ static bool CanSkipVTablePointerInitiali<br>
return true;<br>
}<br>
<br>
+// Generates function call for handling object poisoning, passing in<br>
+// references to 'this' and its size as arguments.<br>
+static void EmitDtorSanitizerCallback(CodeGenFunction &CGF,<br>
+ const CXXDestructorDecl *Dtor) {<br>
+ const ASTRecordLayout &Layout =<br>
+ CGF.getContext().getASTRecordLayout(Dtor->getParent());<br>
+<br>
+ llvm::Value *Args[] = {<br>
+ CGF.Builder.CreateBitCast(CGF.LoadCXXThis(), CGF.VoidPtrTy),<br>
+ llvm::ConstantInt::get(CGF.SizeTy, Layout.getSize().getQuantity())};<br>
+ llvm::Type *ArgTypes[] = {CGF.VoidPtrTy, CGF.SizeTy};<br>
+<br>
+ llvm::FunctionType *FnType =<br>
+ llvm::FunctionType::get(CGF.VoidTy, ArgTypes, false);<br>
+ llvm::Value *Fn =<br>
+ CGF.CGM.CreateRuntimeFunction(FnType, "__sanitizer_dtor_callback");<br>
+ CGF.EmitNounwindRuntimeCall(Fn, Args);<br>
+}<br>
+<br>
/// EmitDestructorBody - Emits the body of the current destructor.<br>
void CodeGenFunction::EmitDestructorBody(FunctionArgList &Args) {<br>
const CXXDestructorDecl *Dtor = cast<CXXDestructorDecl>(CurGD.getDecl());<br>
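</blockquote><div>Review bot: EmitDtorSanitizerCallback passes Layout.getSize() of Dtor->getParent(), i.e. the size of the whole record, so a derived-class destructor poisons its base subobjects (and the vptr) too, yet the base destructors have not run at that point and will run afterwards; any read of a base-class field in a base destructor body would then be reported as a use of poisoned memory, and each base destructor re-poisons bytes already poisoned. Consider restricting the range to this class's own fields (from the first field's offset to the end of the last field, excluding bases and the vptr) and adding a test with a base class and a derived destructor. Minor: the comment says "references to 'this'", but the first argument is 'this' bitcast to VoidPtrTy, a pointer, not a reference.</div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">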
@@ -1444,6 +1463,10 @@ void CodeGenFunction::EmitDestructorBody<br>
// Exit the try if applicable.<br>
if (isTryBody)<br>
ExitCXXTryStmt(*cast<CXXTryStmt>(Body), true);<br>
+<br>
+ // Insert memory-poisoning instrumentation.<br>
+ if (CGM.getCodeGenOpts().SanitizeMemoryUseAfterDtor)<br>
+ EmitDtorSanitizerCallback(*this, Dtor);<br>
}<br>
<br>
void CodeGenFunction::emitImplicitAssignmentOperatorBody(FunctionArgList &Args) {<br>
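</blockquote><div>Review bot: the guard checks only CGM.getCodeGenOpts().SanitizeMemoryUseAfterDtor, not whether MSan itself is enabled, so -fsanitize-memory-use-after-dtor without -fsanitize=memory still emits a call to __sanitizer_dtor_callback that no linked runtime provides. Suggest `if (CGM.getCodeGenOpts().SanitizeMemoryUseAfterDtor && SanOpts.has(SanitizerKind::Memory))`; both RUN lines in the new test pass -fsanitize=memory, so this combination is currently untested. Also worth a comment that the callback sits on the normal fall-through path after ExitCXXTryStmt, so a destructor that exits by exception (function-try-block) leaves the object unpoisoned; that may be acceptable, but it should be stated.</div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">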
<br>
Added: cfe/trunk/test/CodeGenCXX/sanitize-dtor-callback.cpp<br>
URL: <a href="http://llvm.org/viewvc/llvm-project/cfe/trunk/test/CodeGenCXX/sanitize-dtor-callback.cpp?rev=242097&view=auto" rel="noreferrer" target="_blank">http://llvm.org/viewvc/llvm-project/cfe/trunk/test/CodeGenCXX/sanitize-dtor-callback.cpp?rev=242097&view=auto</a><br>
==============================================================================<br>
--- cfe/trunk/test/CodeGenCXX/sanitize-dtor-callback.cpp (added)<br>
+++ cfe/trunk/test/CodeGenCXX/sanitize-dtor-callback.cpp Mon Jul 13 19:34:50 2015<br>
@@ -0,0 +1,17 @@<br>
+// Test -fsanitize-memory-use-after-dtor<br>
+// RUN: %clang_cc1 -fsanitize=memory -fsanitize-memory-use-after-dtor -triple=x86_64-pc-linux -emit-llvm -o - %s | FileCheck %s<br>
+// RUN: %clang_cc1 -fsanitize=memory -triple=x86_64-pc-linux -emit-llvm -o - %s | FileCheck %s -check-prefix=NO_DTOR_CHECK<br>
+<br>
+struct Simple {<br>
+ ~Simple() {}<br>
+};<br>
+Simple s;<br>
+// Simple internal member is poisoned by compiler-generated dtor<br>
+// CHECK-LABEL: @_ZN6SimpleD2Ev<br>
+// CHECK: call void @__sanitizer_dtor_callback<br>
+// CHECK: ret void<br>
+<br>
+// Compiling without the flag does not generate member-poisoning dtor<br>
+// NO_DTOR_CHECK-LABEL: @_ZN6SimpleD2Ev<br>
+// NO_DTOR_CHECK-NOT: call void @sanitizer_dtor_callback<br></blockquote><div><br></div><div>^^</div><div>Shouldn't this be</div><div> NO_DTOR_CHECK-NOT: call void @__sanitizer_dtor_callback<br></div><div>?</div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
+// NO_DTOR_CHECK: ret void<br>
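</blockquote><div>Review bot: the positive CHECK only matches the callee name and never verifies the arguments, so a wrong size computation in EmitDtorSanitizerCallback would still pass; Simple is an empty struct with a user-written destructor, so its layout size is 1, and `// CHECK: call void @__sanitizer_dtor_callback(i8* {{.*}}, i64 1)` would pin that down. The comment "Simple internal member is poisoned by compiler-generated dtor" also does not describe the test: Simple has no members and the destructor is user-written, not compiler-generated; reword to say the object is poisoned at the end of the user-defined dtor. A second struct with fields and a base class would exercise the size path that this test leaves uncovered.</div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">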
<br>
<br>
_______________________________________________<br>
cfe-commits mailing list<br>
<a href="mailto:cfe-commits@cs.uiuc.edu">cfe-commits@cs.uiuc.edu</a><br>
<a href="http://lists.cs.uiuc.edu/mailman/listinfo/cfe-commits" rel="noreferrer" target="_blank">http://lists.cs.uiuc.edu/mailman/listinfo/cfe-commits</a><br>
</blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature"><div dir="ltr">Alexey Samsonov<br><a href="mailto:vonosmas@gmail.com" target="_blank">vonosmas@gmail.com</a></div></div>
</div></div>