[PATCH] D12712: Implementation and testing for poisoning vtable ptr in dtor.
Naomi Musgrave via cfe-commits
cfe-commits at lists.llvm.org
Tue Sep 8 16:23:27 PDT 2015
nmusgrave created this revision.
nmusgrave added reviewers: eugenis, kcc.
nmusgrave added a subscriber: cfe-commits.
After destruction, invocation of virtual functions prevented
by poisoning vtable pointer.
http://reviews.llvm.org/D12712
Files:
lib/CodeGen/CGClass.cpp
test/CodeGenCXX/sanitize-dtor-derived-class.cpp
test/CodeGenCXX/sanitize-dtor-vtable.cpp
Index: test/CodeGenCXX/sanitize-dtor-vtable.cpp
===================================================================
--- /dev/null
+++ test/CodeGenCXX/sanitize-dtor-vtable.cpp
@@ -0,0 +1,16 @@
+// RUN: %clang_cc1 -O0 -fsanitize=memory -fsanitize-memory-use-after-dtor -disable-llvm-optzns -std=c++11 -triple=x86_64-pc-linux -emit-llvm -o - %s | FileCheck %s
+// RUN: %clang_cc1 -O1 -fsanitize=memory -fsanitize-memory-use-after-dtor -disable-llvm-optzns -std=c++11 -triple=x86_64-pc-linux -emit-llvm -o - %s | FileCheck %s
+
+class A {
+ public:
+ int x;
+ A() {}
+ virtual ~A() {}
+};
+A a;
+
+// CHECK-LABEL: define {{.*}}AD2Ev
+// CHECK: call void @__sanitizer_dtor_callback{{.*}}i64 8
+// CHECK: call void @__sanitizer_dtor_callback
+// CHECK-NOT: call void @__sanitizer_dtor_callback
+// CHECK: ret void
Index: test/CodeGenCXX/sanitize-dtor-derived-class.cpp
===================================================================
--- test/CodeGenCXX/sanitize-dtor-derived-class.cpp
+++ test/CodeGenCXX/sanitize-dtor-derived-class.cpp
@@ -52,13 +52,17 @@
// CHECK-NOT: call void @__sanitizer_dtor_callback
// CHECK: ret void
+// Poison member and vtable pointer.
// CHECK-LABEL: define {{.*}}BaseD2Ev
// CHECK: call void @__sanitizer_dtor_callback
+// CHECK: call void @__sanitizer_dtor_callback
// CHECK-NOT: call void @__sanitizer_dtor_callback
// CHECK: ret void
+// Poison member and vtable pointer.
// CHECK-LABEL: define {{.*}}DerivedD2Ev
// CHECK: call void @__sanitizer_dtor_callback
+// CHECK: call void @__sanitizer_dtor_callback
// CHECK-NOT: call void @__sanitizer_dtor_callback
// CHECK: call void {{.*}}BaseD2Ev
// CHECK-NOT: call void @__sanitizer_dtor_callback
Index: lib/CodeGen/CGClass.cpp
===================================================================
--- lib/CodeGen/CGClass.cpp
+++ lib/CodeGen/CGClass.cpp
@@ -1668,9 +1668,20 @@
// Prevent the current stack frame from disappearing from the stack trace.
CGF.CurFn->addFnAttr("disable-tail-calls", "true");
+ ASTContext &Context = CGF.getContext();
+ // Poison vtable and vtable ptr if they exist for this class.
+ if (Dtor->getParent()->isDynamicClass()) {
+ llvm::Value *VTablePtr = CGF.LoadCXXThis();
+
+ CharUnits::QuantityType PoisonSize =
+ Context.toCharUnitsFromBits(CGF.PointerWidthInBits).getQuantity();
+ // Pass in void pointer and size of region as arguments to runtime
+ // function
+ Poison(CGF, VTablePtr, PoisonSize);
+ }
+
// Construct pointer to region to begin poisoning, and calculate poison
// size, so that only members declared in this class are poisoned.
- ASTContext &Context = CGF.getContext();
unsigned fieldIndex = 0;
int startIndex = -1;
// RecordDecl::field_iterator Field;
@@ -1732,10 +1743,16 @@
if (PoisonSize == 0)
return;
+ Poison(CGF, OffsetPtr, PoisonSize);
+ }
+
+ void Poison(CodeGenFunction &CGF, llvm::Value *OffsetPtr,
+ CharUnits::QuantityType PoisonSize) {
// Pass in void pointer and size of region as arguments to runtime
// function
- llvm::Value *Args[] = {CGF.Builder.CreateBitCast(OffsetPtr, CGF.VoidPtrTy),
- llvm::ConstantInt::get(CGF.SizeTy, PoisonSize)};
+ llvm::Value *Args[] = {
+ CGF.Builder.CreateBitCast(OffsetPtr, CGF.VoidPtrTy),
+ llvm::ConstantInt::get(CGF.SizeTy, PoisonSize)};
llvm::Type *ArgTypes[] = {CGF.VoidPtrTy, CGF.SizeTy};
-------------- next part --------------
A non-text attachment was scrubbed...
Name: D12712.34277.patch
Type: text/x-patch
Size: 3536 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/cfe-commits/attachments/20150908/174955a6/attachment.bin>
More information about the cfe-commits
mailing list