[llvm-branch-commits] [clang] Add pointer field protection feature. (PR #133538)

Peter Collingbourne via llvm-branch-commits llvm-branch-commits at lists.llvm.org
Tue Sep 9 16:48:00 PDT 2025


================
@@ -2201,6 +2215,22 @@ void CodeGenFunction::EmitCXXConstructorCall(
     EmitTypeCheck(CodeGenFunction::TCK_ConstructorCall, Loc, This,
                   getContext().getRecordType(ClassDecl), CharUnits::Zero());
 
+  // When initializing an object that has pointer field protection and whose
+  // fields are not trivially relocatable we must initialize any pointer fields
+  // to a valid signed pointer (any pointer value will do, but we just use null
+  // pointers). This is because if the object is subsequently copied, its copy
+  // constructor will need to read and authenticate any pointer fields in order
+  // to copy the object to a new address, which will fail if the pointers are
+  // uninitialized.
+  if (!getContext().arePFPFieldsTriviallyRelocatable(D->getParent())) {
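Review bot: the comment above the `if` describes two conditions ("has pointer field protection" and "fields are not trivially relocatable") but the visible guard only tests `arePFPFieldsTriviallyRelocatable(D->getParent())`; either the comment should say that this predicate already returns true for classes without PFP fields, or the guard needs an explicit check that the class has any PFP fields so no stores are emitted for unrelated types. The comment should also state the invariant the claim "any pointer value will do, but we just use null pointers" depends on: that null is representable as a valid signed pointer under the PFP scheme, and that these stores are emitted before the constructor body so they cannot overwrite a member initializer. Given the follow-up discussion below concluding that this initialization is not needed, the justification for keeping or dropping the block belongs in the commit message.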
----------------
pcc wrote:

Looking more closely through the standard confirms that we don't need to do this initialization in the compiler. Because the uninitialized fields may be considered to be what the standard calls "invalid pointer values", the standard gives us a lot of leeway for implementation-defined behavior when reading them. The standard specifically calls out what we want to happen here:
> Some implementations might define that copying an invalid pointer value causes a system-generated runtime fault.

In practice there seem to be only a few places that need to be fixed, so we can just fix them.

https://github.com/llvm/llvm-project/pull/133538

