r242097 - Basic code generation for MSan use-after-dtor.
Evgeniy Stepanov
eugeni.stepanov at gmail.com
Mon Jul 13 17:34:50 PDT 2015
Author: eugenis
Date: Mon Jul 13 19:34:50 2015
New Revision: 242097
URL: http://llvm.org/viewvc/llvm-project?rev=242097&view=rev
Log:
Basic code generation for MSan use-after-dtor.
Under the -fsanitize-memory-use-after-dtor flag (disabled by default), insert
an MSan runtime library call at the end of every destructor.
Patch by Naomi Musgrave.
Added:
cfe/trunk/test/CodeGenCXX/sanitize-dtor-callback.cpp
Modified:
cfe/trunk/lib/CodeGen/CGClass.cpp
Modified: cfe/trunk/lib/CodeGen/CGClass.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/CodeGen/CGClass.cpp?rev=242097&r1=242096&r2=242097&view=diff
==============================================================================
--- cfe/trunk/lib/CodeGen/CGClass.cpp (original)
+++ cfe/trunk/lib/CodeGen/CGClass.cpp Mon Jul 13 19:34:50 2015
@@ -1357,6 +1357,25 @@ static bool CanSkipVTablePointerInitiali
return true;
}
+// Generates function call for handling object poisoning, passing in
+// references to 'this' and its size as arguments.
+static void EmitDtorSanitizerCallback(CodeGenFunction &CGF,
+ const CXXDestructorDecl *Dtor) {
+ const ASTRecordLayout &Layout =
+ CGF.getContext().getASTRecordLayout(Dtor->getParent());
+
+ llvm::Value *Args[] = {
+ CGF.Builder.CreateBitCast(CGF.LoadCXXThis(), CGF.VoidPtrTy),
+ llvm::ConstantInt::get(CGF.SizeTy, Layout.getSize().getQuantity())};
+ llvm::Type *ArgTypes[] = {CGF.VoidPtrTy, CGF.SizeTy};
+
+ llvm::FunctionType *FnType =
+ llvm::FunctionType::get(CGF.VoidTy, ArgTypes, false);
+ llvm::Value *Fn =
+ CGF.CGM.CreateRuntimeFunction(FnType, "__sanitizer_dtor_callback");
+ CGF.EmitNounwindRuntimeCall(Fn, Args);
+}
+
/// EmitDestructorBody - Emits the body of the current destructor.
void CodeGenFunction::EmitDestructorBody(FunctionArgList &Args) {
const CXXDestructorDecl *Dtor = cast<CXXDestructorDecl>(CurGD.getDecl());
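Review bot: The poison size built at `llvm::ConstantInt::get(CGF.SizeTy, Layout.getSize().getQuantity())` is the complete-object size of the class, which includes its virtual bases, yet a base-object destructor neither destroys those bases nor knows where they sit in the most-derived object, so when this class is a base subobject the callback can cover storage that still belongs to live sibling subobjects. `Layout.getNonVirtualSize().getQuantity()` looks like the safer quantity for that case, or the poisoning could be limited to the class's own fields via their offsets. The header comment would also benefit from stating which destructor variants are expected to call this, e.g. `// Intended for the base-object dtor: poisons only storage this class owns.`, since the caller's selection of the variant is outside this hunk.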
@@ -1444,6 +1463,10 @@ void CodeGenFunction::EmitDestructorBody
// Exit the try if applicable.
if (isTryBody)
ExitCXXTryStmt(*cast<CXXTryStmt>(Body), true);
+
+ // Insert memory-poisoning instrumentation.
+ if (CGM.getCodeGenOpts().SanitizeMemoryUseAfterDtor)
+ EmitDtorSanitizerCallback(*this, Dtor);
}
void CodeGenFunction::emitImplicitAssignmentOperatorBody(FunctionArgList &Args) {
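Review bot: The guard at the end of EmitDestructorBody tests only `SanitizeMemoryUseAfterDtor`, so a call to `__sanitizer_dtor_callback` is emitted even when MemorySanitizer itself is not enabled and no runtime provides that symbol; the new test only exercises the flag together with `-fsanitize=memory`. `if (CGM.getCodeGenOpts().SanitizeMemoryUseAfterDtor && SanOpts.has(SanitizerKind::Memory))` would tie the instrumentation to the sanitizer being on. The insert is also not conditioned on which destructor variant is being emitted; the switch on the destructor kind is outside the hunk, but if the deleting and complete variants fall through to this point as well, the same object is poisoned once per variant, and in the deleting variant only after its `operator delete` cleanup has already run.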
Added: cfe/trunk/test/CodeGenCXX/sanitize-dtor-callback.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/CodeGenCXX/sanitize-dtor-callback.cpp?rev=242097&view=auto
==============================================================================
--- cfe/trunk/test/CodeGenCXX/sanitize-dtor-callback.cpp (added)
+++ cfe/trunk/test/CodeGenCXX/sanitize-dtor-callback.cpp Mon Jul 13 19:34:50 2015
@@ -0,0 +1,17 @@
+// Test -fsanitize-memory-use-after-dtor
+// RUN: %clang_cc1 -fsanitize=memory -fsanitize-memory-use-after-dtor -triple=x86_64-pc-linux -emit-llvm -o - %s | FileCheck %s
+// RUN: %clang_cc1 -fsanitize=memory -triple=x86_64-pc-linux -emit-llvm -o - %s | FileCheck %s -check-prefix=NO_DTOR_CHECK
+
+struct Simple {
+ ~Simple() {}
+};
+Simple s;
+// Simple internal member is poisoned by compiler-generated dtor
+// CHECK-LABEL: @_ZN6SimpleD2Ev
+// CHECK: call void @__sanitizer_dtor_callback
+// CHECK: ret void
+
+// Compiling without the flag does not generate member-poisoning dtor
+// NO_DTOR_CHECK-LABEL: @_ZN6SimpleD2Ev
+// NO_DTOR_CHECK-NOT: call void @sanitizer_dtor_callback
+// NO_DTOR_CHECK: ret void
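Review bot: The negative check `NO_DTOR_CHECK-NOT: call void @sanitizer_dtor_callback` is missing the leading double underscore, so it can never match the symbol the positive run looks for (`@__sanitizer_dtor_callback`) and the no-flag run passes vacuously; it should read `// NO_DTOR_CHECK-NOT: call void @__sanitizer_dtor_callback`. The comment above the CHECK lines describes the destructor as compiler-generated, but `~Simple() {}` is user-provided; `// User-written dtor is followed by the poisoning callback` would match the case tested. A second class that is used as a base subobject, or that has a virtual base, would pin down the intended poison size, which this single flat struct cannot distinguish.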