[all-commits] [llvm/llvm-project] c5ea8e: Use-after-dtor detection for trivial base classes.

Vitaly Buka via All-commits all-commits at lists.llvm.org
Wed Mar 16 18:20:51 PDT 2022


  Branch: refs/heads/main
  Home:   https://github.com/llvm/llvm-project
  Commit: c5ea8e9138931b74b60221f667da304e244dc57d
      https://github.com/llvm/llvm-project/commit/c5ea8e9138931b74b60221f667da304e244dc57d
  Author: Evgenii Stepanov <eugenis at google.com>
  Date:   2022-03-16 (Wed, 16 Mar 2022)

  Changed paths:
    M clang/lib/CodeGen/CGClass.cpp
    A clang/test/CodeGenCXX/sanitize-dtor-trivial-base.cpp
    M compiler-rt/test/msan/dtor-base-access.cpp

  Log Message:
  -----------
  Use-after-dtor detection for trivial base classes.

-fsanitize-memory-use-after-dtor detects memory access after a
subobject is destroyed but its memory is not yet deallocated.
This is done by poisoning each object's memory near the end of its destructor.

Subobjects (members and base classes) do this in their respective
destructors, and the parent class does the same for its members with
trivial destructors.

Inexplicably, base classes with trivial destructors are not handled at
all. This change fixes this oversight by adding the base class poisoning logic
to the parent class destructor.

Reviewed By: vitalybuka

Differential Revision: https://reviews.llvm.org/D119300


  Commit: cb96464f12c44320150c48d639070cf0e4fd8bd2
      https://github.com/llvm/llvm-project/commit/cb96464f12c44320150c48d639070cf0e4fd8bd2
  Author: Evgenii Stepanov <eugenis at google.com>
  Date:   2022-03-16 (Wed, 16 Mar 2022)

  Changed paths:
    M clang/lib/CodeGen/CGClass.cpp
    M clang/test/CodeGenCXX/sanitize-dtor-nontrivial-virtual-base.cpp
    M clang/test/CodeGenCXX/sanitize-dtor-zero-size-field.cpp

  Log Message:
  -----------
  Stricter use-after-dtor detection for trivial members.

Poison trivial class members one-by-one in the reverse order of their
construction, instead of all-at-once at the very end.

For example, in the following code access to `x` from `~B` will
produce an undefined value.

struct A {
  struct B b;
  int x;
};

Reviewed By: kda

Differential Revision: https://reviews.llvm.org/D119600


Compare: https://github.com/llvm/llvm-project/compare/3587b15abe68...cb96464f12c4
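
The two cases described in the log messages above, as an added probe that is not part of either commit or of the LLVM test suite. The type and function names are constructed for illustration. It queries MemorySanitizer's shadow memory through `__msan_test_shadow` instead of performing the stale read, so it reports the poison state without aborting.

```cpp
// Constructed probe; build: clang++ -fsanitize=memory -fsanitize-memory-use-after-dtor
// (older MSan runtimes may also need MSAN_OPTIONS=poison_in_dtor=1)
#include <cstddef>
#include <new>
#if defined(__has_feature)
#  if __has_feature(memory_sanitizer)
#    include <sanitizer/msan_interface.h>
#    define HAVE_MSAN 1
#  endif
#endif
#ifndef HAVE_MSAN
#  define HAVE_MSAN 0
#endif
constexpr bool kMsan = HAVE_MSAN;

// True if any byte of [p, p+n) is poisoned in MSan shadow memory. Always
// false without MSan, where the stale access goes unnoticed.
static bool poisoned(const void *p, std::size_t n) {
#if HAVE_MSAN
  return __msan_test_shadow(p, n) != -1;
#else
  (void)p; (void)n;
  return false;
#endif
}

// First commit: a base class with a trivial destructor.
struct TrivialBase { int base_field = 1; };
struct Derived : TrivialBase { int own = 2; ~Derived() {} };

bool trivial_base_poisoned_after_dtor() {
  alignas(Derived) unsigned char storage[sizeof(Derived)];
  Derived *d = new (storage) Derived;
  const void *base_addr = &d->base_field;
  d->~Derived();  // object destroyed, storage still allocated
  return poisoned(base_addr, sizeof(int));
}

// Second commit: `x` is destroyed before `b`, so ~Inner runs after x is dead.
struct Inner {
  const int *sibling; bool *seen;
  ~Inner() { *seen = poisoned(sibling, sizeof(int)); }
};
struct Outer {
  Inner b; int x;
  explicit Outer(bool *seen) : b{&x, seen}, x(42) {}
};

bool trivial_member_poisoned_in_sibling_dtor() {
  bool seen = false;
  { Outer o(&seen); }
  return seen;
}
```

In an uninstrumented build both functions return false. With a compiler that includes these commits and the flag above, the log messages imply both regions are poisoned at the probed points.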