r242097 - Basic code generation for MSan use-after-dtor.

Mon Jul 13 17:34:50 PDT 2015

Author: eugenis
Date: Mon Jul 13 19:34:50 2015
New Revision: 242097

URL: http://llvm.org/viewvc/llvm-project?rev=242097&view=rev
Log:
Basic code generation for MSan use-after-dtor.

Under the -fsanitize-memory-use-after-dtor (disabled by default) insert
an MSan runtime library call at the end of every destructor.

Patch by Naomi Musgrave.

Added:
    cfe/trunk/test/CodeGenCXX/sanitize-dtor-callback.cpp
Modified:
    cfe/trunk/lib/CodeGen/CGClass.cpp

Modified: cfe/trunk/lib/CodeGen/CGClass.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/CodeGen/CGClass.cpp?rev=242097&r1=242096&r2=242097&view=diff
==============================================================================

--- cfe/trunk/lib/CodeGen/CGClass.cpp (original)
+++ cfe/trunk/lib/CodeGen/CGClass.cpp Mon Jul 13 19:34:50 2015
@@ -1357,6 +1357,25 @@ static bool CanSkipVTablePointerInitiali
   return true;
 }
 
+// Generates function call for handling object poisoning, passing in
+// references to 'this' and its size as arguments.
+static void EmitDtorSanitizerCallback(CodeGenFunction &CGF,
+                                      const CXXDestructorDecl *Dtor) {
+  const ASTRecordLayout &Layout =
+      CGF.getContext().getASTRecordLayout(Dtor->getParent());
+
+  llvm::Value *Args[] = {
+      CGF.Builder.CreateBitCast(CGF.LoadCXXThis(), CGF.VoidPtrTy),
+      llvm::ConstantInt::get(CGF.SizeTy, Layout.getSize().getQuantity())};
+  llvm::Type *ArgTypes[] = {CGF.VoidPtrTy, CGF.SizeTy};
+
+  llvm::FunctionType *FnType =
+      llvm::FunctionType::get(CGF.VoidTy, ArgTypes, false);
+  llvm::Value *Fn =
+      CGF.CGM.CreateRuntimeFunction(FnType, "__sanitizer_dtor_callback");
+  CGF.EmitNounwindRuntimeCall(Fn, Args);
+}
+
 /// EmitDestructorBody - Emits the body of the current destructor.
 void CodeGenFunction::EmitDestructorBody(FunctionArgList &Args) {
   const CXXDestructorDecl *Dtor = cast<CXXDestructorDecl>(CurGD.getDecl());
@@ -1444,6 +1463,10 @@ void CodeGenFunction::EmitDestructorBody
   // Exit the try if applicable.
   if (isTryBody)
     ExitCXXTryStmt(*cast<CXXTryStmt>(Body), true);
+
+  // Insert memory-poisoning instrumentation.
+  if (CGM.getCodeGenOpts().SanitizeMemoryUseAfterDtor)
+    EmitDtorSanitizerCallback(*this, Dtor);
 }
 
 void CodeGenFunction::emitImplicitAssignmentOperatorBody(FunctionArgList &Args) {

Added: cfe/trunk/test/CodeGenCXX/sanitize-dtor-callback.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/CodeGenCXX/sanitize-dtor-callback.cpp?rev=242097&view=auto
==============================================================================
--- cfe/trunk/test/CodeGenCXX/sanitize-dtor-callback.cpp (added)
+++ cfe/trunk/test/CodeGenCXX/sanitize-dtor-callback.cpp Mon Jul 13 19:34:50 2015
@@ -0,0 +1,17 @@
+// Test -fsanitize-memory-use-after-dtor
+// RUN: %clang_cc1 -fsanitize=memory -fsanitize-memory-use-after-dtor -triple=x86_64-pc-linux -emit-llvm -o - %s | FileCheck %s
+// RUN: %clang_cc1 -fsanitize=memory -triple=x86_64-pc-linux -emit-llvm -o - %s | FileCheck %s -check-prefix=NO_DTOR_CHECK
+
+struct Simple {
+  ~Simple() {}
+};
+Simple s;
+// Simple internal member is poisoned by compiler-generated dtor
+// CHECK-LABEL: @_ZN6SimpleD2Ev
+// CHECK: call void @__sanitizer_dtor_callback
+// CHECK: ret void
+
+// Compiling without the flag does not generate member-poisoning dtor
+// NO_DTOR_CHECK-LABEL: @_ZN6SimpleD2Ev
+// NO_DTOR_CHECK-NOT: call void @sanitizer_dtor_callback
+// NO_DTOR_CHECK: ret void



