[PATCH] D132592: [Clang] Implement function attribute nouwtable
Yuanfang Chen via Phabricator via cfe-commits
cfe-commits at lists.llvm.org
Fri Aug 26 18:08:06 PDT 2022
ychen added a comment.
In D132592#3751561 <https://reviews.llvm.org/D132592#3751561>, @aaron.ballman wrote:
> In D132592#3749567 <https://reviews.llvm.org/D132592#3749567>, @ychen wrote:
>
>> Thanks for taking a look!
>>
>> In D132592#3749261 <https://reviews.llvm.org/D132592#3749261>, @aaron.ballman wrote:
>>
>>> Do we have any evidence that users need this level of control or will understand how to properly use the attribute? The command line option makes sense to me because it's an all-or-nothing flag, but I'm not certain I understand the need for per-function control.
>>
>> https://github.com/llvm/llvm-project/blob/064a08cd955019da9130f1109bfa534e79b8ec7c/llvm/include/llvm/IR/Function.h#L639-L641, per-function unwind table entry depends on both nounwind and uwtable. We have nothrow attribute for nounwind but not nouwtable for uwtable. With this, a user could use function attributes to control unwind table entry generation which could only be achieved by inline assembly or writing assembly files directly. I'd consider this a companion of nothrow. So making them both per-function attribute seems natural?
>>
>>> Also, if a user gets this wrong (applies the attribute where they shouldn't), what is the failure mode (does it introduce any exploitable behavior)?
>>
>> The flag may only suppress unwind table emission instead of causing more, the lack of unwind table may only stop control flow rather than giving it more freedom. So I think this is safe from a security perspective. Using it wrong may cause unnecessary crashes just like any other memory bugs, but not a malicious binary.
>
> Thank you for the explanations, that helped. :-)
>
> You're missing all of the semantic tests (that the attr takes no arguments, only applies to function-like things, etc). Also, the subject you picked is `FunctionLike` so you should have some test coverage showing how this works when calling through a function pointer with the attribute (or you should pick a more appropriate subject if that one is wrong).
Yes, `Function` is more proper than `FunctionLike`.
Repository:
rG LLVM Github Monorepo
CHANGES SINCE LAST ACTION
https://reviews.llvm.org/D132592/new/
https://reviews.llvm.org/D132592
More information about the cfe-commits
mailing list