[PATCH] D134831: [Clang][Sema] Add -Wcast-function-type-strict

Aaron Ballman via Phabricator via cfe-commits cfe-commits at lists.llvm.org
Fri Sep 30 07:19:00 PDT 2022 

aaron.ballman added inline comments.


================
Comment at: clang/docs/ReleaseNotes.rst:229-231
+- Introduced ``-Wcast-function-type-strict`` to warn about function type mismatches
+  in casts that may result in runtime indirect call `Control-Flow Integrity (CFI)
+  <https://clang.llvm.org/docs/ControlFlowIntegrity.html>`_ failures.
----------------



================
Comment at: clang/test/Sema/warn-cast-function-type-strict.c:30
+  g = (f7 *)x; /* expected-warning {{cast from 'int (*)(long)' to 'f7 *' (aka 'int (*)(long, ...)') converts to incompatible function type}} */
+}
----------------
samitolvanen wrote:
> aaron.ballman wrote:
> > Some other test cases I think we should try out:
> > ```
> > typedef int (f8)(int *);
> > typedef int (f9)(const int);
> > typedef int (f10)(int);
> > 
> > int foo(int array[static 12]);
> > int bar(int i);
> > const int baz(int i);
> > 
> > f8 *h = (f8 *)foo; // Should be okay, types are the same after adjustment
> > f9 *i = (f9 *)bar; // Should be okay, types are the same after adjustment
> > f10 *j = (f10 *)baz; // Should be okay, types are the same after adjustment
> > ```
> The first two seem to be OK, the last one does produce a warning here:
> ```
> cast from 'const int (*)(int)' to 'f10 *' (aka 'int (*)(int)') converts to incompatible function type
> ```
Oh yeah, that's right, the C standard is pretty weird here. The return type is required to be compatible (aka same type in this case) per C2x 6.7.6.3p14, and `int` and `const int` are not compatible types (C2x 6.7.3p11). However, the qualifier on the return type is useless because it's stripped when the function is called (C2x 6.5.2.2p5, 6.8.6.4p3, 6.5.16p3, 6.3.2.1p2).

Compilers are wildly inconsistent about this: https://godbolt.org/z/hc6ordGeM


================
Comment at: clang/test/SemaCXX/warn-cast-function-type-strict.cpp:1
+// RUN: %clang_cc1 -x c++ %s -fblocks -fsyntax-only -Wcast-function-type-strict -triple x86_64-- -verify
+
----------------
aaron.ballman wrote:
> Same question about triples here.
You should remove the `-x c++` from the RUN line still.


================
Comment at: clang/test/SemaCXX/warn-cast-function-type.cpp:1
-// RUN: %clang_cc1 -x c++ %s -fblocks -fsyntax-only -Wcast-function-type -triple x86_64-- -verify
+// RUN: %clang_cc1 -x c++ %s -fblocks -fsyntax-only -Wcast-function-type -Wno-cast-function-type-strict -verify
 
----------------



Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D134831/new/

https://reviews.llvm.org/D134831

More information about the cfe-commits mailing list