<div dir="ltr">Hi Filipe,<div><br></div><div>Thanks for resurrecting and landing this!<br><div class="gmail_extra"><br><div class="gmail_quote">On Sat, Feb 27, 2016 at 11:57 AM, Filipe Cabecinhas via llvm-commits <span dir="ltr"><<a href="mailto:llvm-commits@lists.llvm.org" target="_blank">llvm-commits@lists.llvm.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">Author: filcab<br>
Date: Sat Feb 27 13:57:44 2016<br>
New Revision: 262147<br>
<br>
URL: <a href="http://llvm.org/viewvc/llvm-project?rev=262147&view=rev" rel="noreferrer" target="_blank">http://llvm.org/viewvc/llvm-project?rev=262147&view=rev</a><br>
Log:<br>
[UBSan] Fix isDerivedFromAtOffset on iOS ARM64<br>
<br>
Summary:<br>
iOS on ARM64 doesn't unique RTTI.<br>
Ref: clang's iOS64CXXABI::shouldRTTIBeUnique()<br>
<br>
Due to this, pointer-equality will not necessarily work in this<br>
architecture, across dylib boundaries.<br>
<br>
dynamic_cast<>() will (as expected) still work, since Apple ships with<br>
one prepared for this, but we can't rely on the type names being<br>
pointer-equal.<br>
<br>
I've limited the expensive strcmp check to the specific architecture<br>
which needs it.<br>
<br>
Example which triggers this bug:<br>
<br>
lib.h:<br>
  struct X {<br>
    virtual ~X() {}<br>
  };<br>
  X *libCall();<br>
<br>
<a href="http://lib.mm" rel="noreferrer" target="_blank">lib.mm</a>:<br>
  X *libCall() {<br>
    return new X;<br>
  }<br>
<br>
<a href="http://prog.mm" rel="noreferrer" target="_blank">prog.mm</a>:<br>
  int main() {<br>
    X *px = libCall();<br>
    delete px;<br>
  }<br>
<br>
Expected output: Nothing<br>
Actual output:<br>
<unknown>: runtime error: member call on address 0x00017001ef50 which does not point to an object of type 'X'<br>
0x00017001ef50: note: object is of type 'X'<br>
 00 00 00 00  60 00 0f 00 01 00 00 00  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  00 00 00 00<br>
              ^~~~~~~~~~~~~~~~~~~~~~~<br>
              vptr for ‘X’<br>
<br>
Reviewers: kubabrecka, samsonov, eugenis, rsmith<br>
<br>
Subscribers: aemerson, llvm-commits, rengolin<br>
<br>
Differential Revision: <a href="http://reviews.llvm.org/D11502" rel="noreferrer" target="_blank">http://reviews.llvm.org/D11502</a><br>
<br>
Added:<br>
    compiler-rt/trunk/test/ubsan/TestCases/TypeCheck/Helpers/<br>
    compiler-rt/trunk/test/ubsan/TestCases/TypeCheck/Helpers/lit.local.cfg<br>
    compiler-rt/trunk/test/ubsan/TestCases/TypeCheck/Helpers/vptr-non-unique-typeinfo-lib.cpp<br>
    compiler-rt/trunk/test/ubsan/TestCases/TypeCheck/Helpers/vptr-non-unique-typeinfo-lib.h<br>
    compiler-rt/trunk/test/ubsan/TestCases/TypeCheck/vptr-non-unique-typeinfo.cpp<br>
Modified:<br>
    compiler-rt/trunk/lib/sanitizer_common/sanitizer_platform.h<br>
    compiler-rt/trunk/lib/ubsan/ubsan_type_hash_itanium.cc<br>
<br>
Modified: compiler-rt/trunk/lib/sanitizer_common/sanitizer_platform.h<br>
URL: <a href="http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/sanitizer_common/sanitizer_platform.h?rev=262147&r1=262146&r2=262147&view=diff" rel="noreferrer" target="_blank">http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/sanitizer_common/sanitizer_platform.h?rev=262147&r1=262146&r2=262147&view=diff</a><br>
==============================================================================<br>
--- compiler-rt/trunk/lib/sanitizer_common/sanitizer_platform.h (original)<br>
+++ compiler-rt/trunk/lib/sanitizer_common/sanitizer_platform.h Sat Feb 27 13:57:44 2016<br>
@@ -162,4 +162,10 @@<br>
 # define MSC_PREREQ(version) 0<br>
 #endif<br>
<br>
+#if defined(__arm64__) && SANITIZER_IOS<br>
+# define SANITIZER_NON_UNIQUE_TYPEINFO 1<br>
+#else<br>
+# define SANITIZER_NON_UNIQUE_TYPEINFO 0<br>
+#endif<br>
+<br>
 #endif // SANITIZER_PLATFORM_H<br>
<br>
Modified: compiler-rt/trunk/lib/ubsan/ubsan_type_hash_itanium.cc<br>
URL: <a href="http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/ubsan/ubsan_type_hash_itanium.cc?rev=262147&r1=262146&r2=262147&view=diff" rel="noreferrer" target="_blank">http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/ubsan/ubsan_type_hash_itanium.cc?rev=262147&r1=262146&r2=262147&view=diff</a><br>
==============================================================================<br>
--- compiler-rt/trunk/lib/ubsan/ubsan_type_hash_itanium.cc (original)<br>
+++ compiler-rt/trunk/lib/ubsan/ubsan_type_hash_itanium.cc Sat Feb 27 13:57:44 2016<br>
@@ -115,7 +115,9 @@ static __ubsan::HashValue *getTypeCacheH<br>
 static bool isDerivedFromAtOffset(const abi::__class_type_info *Derived,<br>
                                   const abi::__class_type_info *Base,<br>
                                   sptr Offset) {<br>
-  if (Derived->__type_name == Base->__type_name)<br>
+  if (Derived->__type_name == Base->__type_name ||<br>
+      (SANITIZER_NON_UNIQUE_TYPEINFO &&<br>
+       !internal_strcmp(Derived->__type_name, Base->__type_name)))<br>
     return Offset == 0;<br>
<br>
   if (const abi::__si_class_type_info *SI =<br>
<br>
Added: compiler-rt/trunk/test/ubsan/TestCases/TypeCheck/Helpers/lit.local.cfg<br>
URL: <a href="http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/test/ubsan/TestCases/TypeCheck/Helpers/lit.local.cfg?rev=262147&view=auto" rel="noreferrer" target="_blank">http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/test/ubsan/TestCases/TypeCheck/Helpers/lit.local.cfg?rev=262147&view=auto</a><br>
==============================================================================<br>
--- compiler-rt/trunk/test/ubsan/TestCases/TypeCheck/Helpers/lit.local.cfg (added)<br>
+++ compiler-rt/trunk/test/ubsan/TestCases/TypeCheck/Helpers/lit.local.cfg Sat Feb 27 13:57:44 2016<br>
@@ -0,0 +1,3 @@<br>
+# Sources in this directory are helper files for tests which test functionality<br>
+# involving multiple translation units.<br>
+config.suffixes = []<br>
<br>
Added: compiler-rt/trunk/test/ubsan/TestCases/TypeCheck/Helpers/vptr-non-unique-typeinfo-lib.cpp<br>
URL: <a href="http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/test/ubsan/TestCases/TypeCheck/Helpers/vptr-non-unique-typeinfo-lib.cpp?rev=262147&view=auto" rel="noreferrer" target="_blank">http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/test/ubsan/TestCases/TypeCheck/Helpers/vptr-non-unique-typeinfo-lib.cpp?rev=262147&view=auto</a><br>
==============================================================================<br>
--- compiler-rt/trunk/test/ubsan/TestCases/TypeCheck/Helpers/vptr-non-unique-typeinfo-lib.cpp (added)<br>
+++ compiler-rt/trunk/test/ubsan/TestCases/TypeCheck/Helpers/vptr-non-unique-typeinfo-lib.cpp Sat Feb 27 13:57:44 2016<br>
@@ -0,0 +1,5 @@<br>
+#include "vptr-non-unique-typeinfo-lib.h"<br>
+<br>
+X *libCall() {<br>
+  return new X;<br>
+}<br>
<br>
Added: compiler-rt/trunk/test/ubsan/TestCases/TypeCheck/Helpers/vptr-non-unique-typeinfo-lib.h<br>
URL: <a href="http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/test/ubsan/TestCases/TypeCheck/Helpers/vptr-non-unique-typeinfo-lib.h?rev=262147&view=auto" rel="noreferrer" target="_blank">http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/test/ubsan/TestCases/TypeCheck/Helpers/vptr-non-unique-typeinfo-lib.h?rev=262147&view=auto</a><br>
==============================================================================<br>
--- compiler-rt/trunk/test/ubsan/TestCases/TypeCheck/Helpers/vptr-non-unique-typeinfo-lib.h (added)<br>
+++ compiler-rt/trunk/test/ubsan/TestCases/TypeCheck/Helpers/vptr-non-unique-typeinfo-lib.h Sat Feb 27 13:57:44 2016<br>
@@ -0,0 +1,4 @@<br>
+struct X {<br>
+  virtual ~X() {}<br>
+};<br>
+X *libCall();<br>
<br>
Added: compiler-rt/trunk/test/ubsan/TestCases/TypeCheck/vptr-non-unique-typeinfo.cpp<br>
URL: <a href="http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/test/ubsan/TestCases/TypeCheck/vptr-non-unique-typeinfo.cpp?rev=262147&view=auto" rel="noreferrer" target="_blank">http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/test/ubsan/TestCases/TypeCheck/vptr-non-unique-typeinfo.cpp?rev=262147&view=auto</a><br>
==============================================================================<br>
--- compiler-rt/trunk/test/ubsan/TestCases/TypeCheck/vptr-non-unique-typeinfo.cpp (added)<br>
+++ compiler-rt/trunk/test/ubsan/TestCases/TypeCheck/vptr-non-unique-typeinfo.cpp Sat Feb 27 13:57:44 2016<br>
@@ -0,0 +1,10 @@<br>
+// RUN: %clangxx -frtti -fsanitize=vptr -fno-sanitize-recover=vptr -I%p/Helpers %p/Helpers/vptr-non-unique-typeinfo-lib.cpp -fPIC -shared -o %t-lib.so<br>
+// RUN: %clangxx -frtti -fsanitize=vptr -fno-sanitize-recover=vptr -I%p/Helpers -g %s -O3 -o %t %t-lib.so<br>
+// RUN: %run %t<br>
+<br>
+#include "vptr-non-unique-typeinfo-lib.h"<br>
+<br>
+int main() {<br>
+  X *px = libCall();<br>
+  delete px;<br>
+}<br>
<br></blockquote><div><br></div><div>^^</div><div>Can you get rid of the Helpers/ directory, and make the test more self-contained by using a single source file for that?</div><div>E.g. see how we're doing it in test/msan/dso-origin.cc</div><div><br></div><div><br></div><div> <br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<br>
_______________________________________________<br>
llvm-commits mailing list<br>
<a href="mailto:llvm-commits@lists.llvm.org">llvm-commits@lists.llvm.org</a><br>
<a href="http://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-commits" rel="noreferrer" target="_blank">http://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-commits</a><br>
</blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature"><div dir="ltr">Alexey Samsonov<br><a href="mailto:vonosmas@gmail.com" target="_blank">vonosmas@gmail.com</a></div></div>
</div></div></div>