[clang] [clang][KCFI] Respect -fsanitize-cfi-icall-generalize-pointers (PR #152400)
Florian Mayer via cfe-commits
cfe-commits at lists.llvm.org
Sat Aug 9 21:18:44 PDT 2025
https://github.com/fmayer updated https://github.com/llvm/llvm-project/pull/152400
>From c66b915c61d854808da54efb5d83e63f175a08cd Mon Sep 17 00:00:00 2001
From: Florian Mayer <fmayer at google.com>
Date: Wed, 6 Aug 2025 15:32:18 -0700
Subject: [PATCH 1/4] =?UTF-8?q?[=F0=9D=98=80=F0=9D=97=BD=F0=9D=97=BF]=20in?=
=?UTF-8?q?itial=20version?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Created using spr 1.3.4
---
clang/lib/CodeGen/CodeGenModule.cpp | 66 +++++++++++++++--------------
1 file changed, 34 insertions(+), 32 deletions(-)
diff --git a/clang/lib/CodeGen/CodeGenModule.cpp b/clang/lib/CodeGen/CodeGenModule.cpp
index 834b1c067d84c..d75b24083c29b 100644
--- a/clang/lib/CodeGen/CodeGenModule.cpp
+++ b/clang/lib/CodeGen/CodeGenModule.cpp
@@ -2335,7 +2335,39 @@ llvm::ConstantInt *CodeGenModule::CreateCrossDsoCfiTypeId(llvm::Metadata *MD) {
return llvm::ConstantInt::get(Int64Ty, llvm::MD5Hash(MDS->getString()));
}
+// Generalize pointer types to a void pointer with the qualifiers of the
+// originally pointed-to type, e.g. 'const char *' and 'char * const *'
+// generalize to 'const void *' while 'char *' and 'const char **' generalize to
+// 'void *'.
+static QualType GeneralizeType(ASTContext &Ctx, QualType Ty) {
+ if (!Ty->isPointerType())
+ return Ty;
+
+ return Ctx.getPointerType(
+ QualType(Ctx.VoidTy)
+ .withCVRQualifiers(Ty->getPointeeType().getCVRQualifiers()));
+}
+
+// Apply type generalization to a FunctionType's return and argument types
+static QualType GeneralizeFunctionType(ASTContext &Ctx, QualType Ty) {
+ if (auto *FnType = Ty->getAs<FunctionProtoType>()) {
+ SmallVector<QualType, 8> GeneralizedParams;
+ for (auto &Param : FnType->param_types())
+ GeneralizedParams.push_back(GeneralizeType(Ctx, Param));
+
+ return Ctx.getFunctionType(GeneralizeType(Ctx, FnType->getReturnType()),
+ GeneralizedParams, FnType->getExtProtoInfo());
+ }
+
+ if (auto *FnType = Ty->getAs<FunctionNoProtoType>())
+ return Ctx.getFunctionNoProtoType(
+ GeneralizeType(Ctx, FnType->getReturnType()));
+
+ llvm_unreachable("Encountered unknown FunctionType");
+}
llvm::ConstantInt *CodeGenModule::CreateKCFITypeId(QualType T) {
+ if (getCodeGenOpts().SanitizeCfiICallGeneralizePointers)
+ T = GeneralizeFunctionType(getContext(), T);
if (auto *FnType = T->getAs<FunctionProtoType>())
T = getContext().getFunctionType(
FnType->getReturnType(), FnType->getParamTypes(),
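Review bot: The new generalization step at the top of CreateKCFITypeId has no comment saying why it must run before the exception-spec stripping and mangling that follow, nor why its id must stay distinct from a non-generalized build's; CreateKCFITypeId's body continues past the hunk. A comment above the new `if` such as `// Generalize pointers before mangling so the hash covers the generalized signature; the ".generalized" suffix appended below keeps the id distinct from a non-generalized build's.` would capture both, and ties this hunk to the suffix added in the second hunk, where mixing objects built with and without the flag should then fail the check rather than silently widen the target set. GeneralizeType and GeneralizeFunctionType are moved rather than new, but now that they feed both the CFI metadata and the KCFI id, GeneralizeType's comment should say it is shared by both so the two modes cannot drift apart. Note also that GeneralizeType collapses every pointer, function pointers included, to `void *` — inherited behaviour, but it now shapes KCFI ids as well and deserves a line in that comment.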
@@ -2348,6 +2380,8 @@ llvm::ConstantInt *CodeGenModule::CreateKCFITypeId(QualType T) {
if (getCodeGenOpts().SanitizeCfiICallNormalizeIntegers)
Out << ".normalized";
+ if (getCodeGenOpts().SanitizeCfiICallGeneralizePointers)
+ Out << ".generalized";
return llvm::ConstantInt::get(Int32Ty,
static_cast<uint32_t>(llvm::xxHash64(OutName)));
@@ -7880,38 +7914,6 @@ CodeGenModule::CreateMetadataIdentifierForVirtualMemPtrType(QualType T) {
return CreateMetadataIdentifierImpl(T, VirtualMetadataIdMap, ".virtual");
}
-// Generalize pointer types to a void pointer with the qualifiers of the
-// originally pointed-to type, e.g. 'const char *' and 'char * const *'
-// generalize to 'const void *' while 'char *' and 'const char **' generalize to
-// 'void *'.
-static QualType GeneralizeType(ASTContext &Ctx, QualType Ty) {
- if (!Ty->isPointerType())
- return Ty;
-
- return Ctx.getPointerType(
- QualType(Ctx.VoidTy).withCVRQualifiers(
- Ty->getPointeeType().getCVRQualifiers()));
-}
-
-// Apply type generalization to a FunctionType's return and argument types
-static QualType GeneralizeFunctionType(ASTContext &Ctx, QualType Ty) {
- if (auto *FnType = Ty->getAs<FunctionProtoType>()) {
- SmallVector<QualType, 8> GeneralizedParams;
- for (auto &Param : FnType->param_types())
- GeneralizedParams.push_back(GeneralizeType(Ctx, Param));
-
- return Ctx.getFunctionType(
- GeneralizeType(Ctx, FnType->getReturnType()),
- GeneralizedParams, FnType->getExtProtoInfo());
- }
-
- if (auto *FnType = Ty->getAs<FunctionNoProtoType>())
- return Ctx.getFunctionNoProtoType(
- GeneralizeType(Ctx, FnType->getReturnType()));
-
- llvm_unreachable("Encountered unknown FunctionType");
-}
-
llvm::Metadata *CodeGenModule::CreateMetadataIdentifierGeneralized(QualType T) {
return CreateMetadataIdentifierImpl(GeneralizeFunctionType(getContext(), T),
GeneralizedMetadataIdMap, ".generalized");
>From 5d05395641a216e909636c495bb0522096a44db8 Mon Sep 17 00:00:00 2001
From: Florian Mayer <fmayer at google.com>
Date: Wed, 6 Aug 2025 15:37:08 -0700
Subject: [PATCH 2/4] format
Created using spr 1.3.4
---
clang/lib/CodeGen/CodeGenModule.cpp | 1 +
1 file changed, 1 insertion(+)
diff --git a/clang/lib/CodeGen/CodeGenModule.cpp b/clang/lib/CodeGen/CodeGenModule.cpp
index d75b24083c29b..6734f9b20dcab 100644
--- a/clang/lib/CodeGen/CodeGenModule.cpp
+++ b/clang/lib/CodeGen/CodeGenModule.cpp
@@ -2365,6 +2365,7 @@ static QualType GeneralizeFunctionType(ASTContext &Ctx, QualType Ty) {
llvm_unreachable("Encountered unknown FunctionType");
}
+
llvm::ConstantInt *CodeGenModule::CreateKCFITypeId(QualType T) {
if (getCodeGenOpts().SanitizeCfiICallGeneralizePointers)
T = GeneralizeFunctionType(getContext(), T);
>From a162fbc52b1df027d07ffa1fd7809a12d3f3f9de Mon Sep 17 00:00:00 2001
From: Florian Mayer <fmayer at google.com>
Date: Thu, 7 Aug 2025 14:09:16 -0700
Subject: [PATCH 3/4] driver
Created using spr 1.3.4
---
clang/lib/Driver/SanitizerArgs.cpp | 2 ++
clang/test/Driver/fsanitize.c | 5 +++++
2 files changed, 7 insertions(+)
diff --git a/clang/lib/Driver/SanitizerArgs.cpp b/clang/lib/Driver/SanitizerArgs.cpp
index 98793a5bb9979..54f0e63b98070 100644
--- a/clang/lib/Driver/SanitizerArgs.cpp
+++ b/clang/lib/Driver/SanitizerArgs.cpp
@@ -851,6 +851,8 @@ SanitizerArgs::SanitizerArgs(const ToolChain &TC,
}
if (AllAddedKinds & SanitizerKind::KCFI) {
+ CfiICallGeneralizePointers =
+ Args.hasArg(options::OPT_fsanitize_cfi_icall_generalize_pointers);
CfiICallNormalizeIntegers =
Args.hasArg(options::OPT_fsanitize_cfi_icall_normalize_integers);
diff --git a/clang/test/Driver/fsanitize.c b/clang/test/Driver/fsanitize.c
index fbe1fd72c84c6..263301ad4466a 100644
--- a/clang/test/Driver/fsanitize.c
+++ b/clang/test/Driver/fsanitize.c
@@ -794,6 +794,11 @@
// RUN: not %clang --target=x86_64-linux-gnu -fsanitize=cfi-icall -fsanitize-cfi-icall-generalize-pointers -fsanitize-cfi-cross-dso -fvisibility=hidden -flto -c %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-CFI-GENERALIZE-AND-CROSS-DSO
// CHECK-CFI-GENERALIZE-AND-CROSS-DSO: error: invalid argument '-fsanitize-cfi-cross-dso' not allowed with '-fsanitize-cfi-icall-generalize-pointers'
+// RUN: %clang --target=x86_64-linux-gnu -fsanitize=kcfi -fsanitize-cfi-icall-generalize-pointers -fvisibility=hidden -flto -c -resource-dir=%S/Inputs/resource_dir %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-KCFI-GENERALIZE-POINTERS
+// RUN: %clang --target=x86_64-linux-gnu -fsanitize=kcfi -fvisibility=hidden -flto -c -resource-dir=%S/Inputs/resource_dir %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-NO-KCFI-GENERALIZE-POINTERS
+// CHECK-KCFI-GENERALIZE-POINTERS: -fsanitize-cfi-icall-generalize-pointers
+// CHECK-NO-KCFI-GENERALIZE-POINTERS-NOT: -fsanitize-cfi-icall-generalize-pointers
+
// RUN: %clang --target=x86_64-linux-gnu -fsanitize=cfi-icall -fsanitize-cfi-canonical-jump-tables -fvisibility=hidden -flto -c -resource-dir=%S/Inputs/resource_dir %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-CFI-CANONICAL-JUMP-TABLES
// RUN: %clang --target=x86_64-linux-gnu -fsanitize=cfi-icall -fno-sanitize-cfi-canonical-jump-tables -fvisibility=hidden -flto -c %s -resource-dir=%S/Inputs/resource_dir -### 2>&1 | FileCheck %s --check-prefix=CHECK-NO-CFI-CANONICAL-JUMP-TABLES
// RUN: %clang --target=x86_64-linux-gnu -fsanitize=cfi-icall -fvisibility=hidden -flto -c -resource-dir=%S/Inputs/resource_dir %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-CFI-CANONICAL-JUMP-TABLES
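Review bot: The two new kcfi RUN lines carry `-fvisibility=hidden -flto`, apparently copied from the neighbouring cfi-icall lines; KCFI needs neither, and keeping them implies a requirement the driver does not have. Dropping both keeps the test minimal, e.g. `// RUN: %clang --target=x86_64-linux-gnu -fsanitize=kcfi -fsanitize-cfi-icall-generalize-pointers -c -resource-dir=%S/Inputs/resource_dir %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-KCFI-GENERALIZE-POINTERS` and the same trimming on the negative RUN line.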
>From 88f72074b84df9aca70ca45c63465e226c3de47f Mon Sep 17 00:00:00 2001
From: Florian Mayer <fmayer at google.com>
Date: Sat, 9 Aug 2025 21:18:28 -0700
Subject: [PATCH 4/4] add test i forgot to `git add`
Created using spr 1.3.4
---
clang/test/CodeGen/kcfi-generalize.c | 33 ++++++++++++++++++++++++++++
1 file changed, 33 insertions(+)
create mode 100644 clang/test/CodeGen/kcfi-generalize.c
diff --git a/clang/test/CodeGen/kcfi-generalize.c b/clang/test/CodeGen/kcfi-generalize.c
new file mode 100644
index 0000000000000..9366040be7a06
--- /dev/null
+++ b/clang/test/CodeGen/kcfi-generalize.c
@@ -0,0 +1,33 @@
+// RUN: %clang_cc1 -triple x86_64-unknown-linux -fsanitize=kcfi -fsanitize-trap=kcfi -emit-llvm -o - %s | FileCheck --check-prefix=CHECK --check-prefix=UNGENERALIZED %s
+// RUN: %clang_cc1 -triple x86_64-unknown-linux -fsanitize=kcfi -fsanitize-trap=kcfi -fsanitize-cfi-icall-generalize-pointers -emit-llvm -o - %s | FileCheck --check-prefix=CHECK --check-prefix=GENERALIZED %s
+
+// Test that const char* is generalized to const ptr and that char** is
+// generalized to ptr
+
+// CHECK: define{{.*}} ptr @f({{.*}} !kcfi_type [[TYPE:![0-9]+]]
+int** f(const char *a, const char **b) {
+ return (int**)0;
+}
+
+// GENERALIZED: define{{.*}} ptr @f2({{.*}} !kcfi_type [[TYPE]]
+// UNGENERALIZED: define{{.*}} ptr @f2({{.*}} !kcfi_type [[TYPE2:![0-9]+]]
+int** f2(const int *a, const int **b) {
+ return (int**)0;
+}
+
+// CHECK: define{{.*}} ptr @f3({{.*}} !kcfi_type [[TYPE3:![0-9]+]]
+int** f3(char *a, char **b) {
+ return (int**)0;
+}
+
+void g(int** (*fp)(const char *, const char **)) {
+ // UNGENERALIZED: call {{.*}} [ "kcfi"(i32 1296635908) ]
+ // GENERALIZED: call {{.*}} [ "kcfi"(i32 -49168686) ]
+ fp(0, 0);
+}
+
+// UNGENERALIZED: [[TYPE]] = !{i32 1296635908}
+// GENERALIZED: [[TYPE]] = !{i32 -49168686}
+
+// UNGENERALIZED: [[TYPE3]] = !{i32 874141567}
+// GENERALIZED: [[TYPE3]] = !{i32 954385378}
\ No newline at end of file
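Review bot: The test pins generalized and ungeneralized ids for f, f2, f3 and the call in g, but nothing checks that a function declared with an already-generalized signature, say `int** f4(const void *a, void *b)`, gets a different `!kcfi_type` constant under UNGENERALIZED than f gets under GENERALIZED; that separation is presumably what the `.generalized` suffix in CreateKCFITypeId exists for, and one FileCheck line on f4's constant would lock it in. The header comment `// Test that const char* is generalized to const ptr and that char** is generalized to ptr` does not match what f exercises (`const char **`, whose pointee `const char *` carries no qualifiers of its own); `// Test that const char* is generalized to const ptr and that const char** and char** both generalize to ptr` is what the three functions show. The file also lacks a trailing newline.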