[compiler-rt] r262147 - [UBSan] Fix isDerivedFromAtOffset on iOS ARM64

Filipe Cabecinhas via llvm-commits llvm-commits at lists.llvm.org
Sat Feb 27 11:57:45 PST 2016


Author: filcab
Date: Sat Feb 27 13:57:44 2016
New Revision: 262147

URL: http://llvm.org/viewvc/llvm-project?rev=262147&view=rev
Log:
[UBSan] Fix isDerivedFromAtOffset on iOS ARM64

Summary:
iOS on ARM64 doesn't unique RTTI.
Ref: clang's iOS64CXXABI::shouldRTTIBeUnique()

Due to this, pointer-equality will not necessarily work in this
architecture, across dylib boundaries.

dynamic_cast<>() will (as expected) still work, since Apple ships with
one prepared for this, but we can't rely on the type names being
pointer-equal.

I've limited the expensive strcmp check to the specific architecture
which needs it.

Example which triggers this bug:

lib.h:
  struct X {
    virtual ~X() {}
  };
  X *libCall();

lib.mm:
  X *libCall() {
    return new X;
  }

prog.mm:
  int main() {
    X *px = libCall();
    delete px;
  }

Expected output: Nothing
Actual output:
<unknown>: runtime error: member call on address 0x00017001ef50 which does not point to an object of type 'X'
0x00017001ef50: note: object is of type 'X'
 00 00 00 00  60 00 0f 00 01 00 00 00  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  00 00 00 00
              ^~~~~~~~~~~~~~~~~~~~~~~
              vptr for ‘X’

Reviewers: kubabrecka, samsonov, eugenis, rsmith

Subscribers: aemerson, llvm-commits, rengolin

Differential Revision: http://reviews.llvm.org/D11502

Added:
    compiler-rt/trunk/test/ubsan/TestCases/TypeCheck/Helpers/
    compiler-rt/trunk/test/ubsan/TestCases/TypeCheck/Helpers/lit.local.cfg
    compiler-rt/trunk/test/ubsan/TestCases/TypeCheck/Helpers/vptr-non-unique-typeinfo-lib.cpp
    compiler-rt/trunk/test/ubsan/TestCases/TypeCheck/Helpers/vptr-non-unique-typeinfo-lib.h
    compiler-rt/trunk/test/ubsan/TestCases/TypeCheck/vptr-non-unique-typeinfo.cpp
Modified:
    compiler-rt/trunk/lib/sanitizer_common/sanitizer_platform.h
    compiler-rt/trunk/lib/ubsan/ubsan_type_hash_itanium.cc

Modified: compiler-rt/trunk/lib/sanitizer_common/sanitizer_platform.h
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/sanitizer_common/sanitizer_platform.h?rev=262147&r1=262146&r2=262147&view=diff
==============================================================================
--- compiler-rt/trunk/lib/sanitizer_common/sanitizer_platform.h (original)
+++ compiler-rt/trunk/lib/sanitizer_common/sanitizer_platform.h Sat Feb 27 13:57:44 2016
@@ -162,4 +162,10 @@
 # define MSC_PREREQ(version) 0
 #endif
 
+#if defined(__arm64__) && SANITIZER_IOS
+# define SANITIZER_NON_UNIQUE_TYPEINFO 1
+#else
+# define SANITIZER_NON_UNIQUE_TYPEINFO 0
+#endif
+
 #endif // SANITIZER_PLATFORM_H
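Review bot: the new `SANITIZER_NON_UNIQUE_TYPEINFO` block carries no comment explaining why `__arm64__ && SANITIZER_IOS` is the one configuration where typeinfo is not unique; a reader of sanitizer_platform.h will not see this commit message. Suggest putting the reference from the summary above the `#if`, e.g.
`// iOS on ARM64 doesn't unique RTTI (see clang's iOS64CXXABI::shouldRTTIBeUnique()),`
`// so type_info names from different dylibs need not be pointer-equal.`
Whether any other Apple ARM64 target shares that C++ ABI and needs the same define is worth checking, since `SANITIZER_IOS` alone gates it here.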

Modified: compiler-rt/trunk/lib/ubsan/ubsan_type_hash_itanium.cc
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/ubsan/ubsan_type_hash_itanium.cc?rev=262147&r1=262146&r2=262147&view=diff
==============================================================================
--- compiler-rt/trunk/lib/ubsan/ubsan_type_hash_itanium.cc (original)
+++ compiler-rt/trunk/lib/ubsan/ubsan_type_hash_itanium.cc Sat Feb 27 13:57:44 2016
@@ -115,7 +115,9 @@ static __ubsan::HashValue *getTypeCacheH
 static bool isDerivedFromAtOffset(const abi::__class_type_info *Derived,
                                   const abi::__class_type_info *Base,
                                   sptr Offset) {
-  if (Derived->__type_name == Base->__type_name)
+  if (Derived->__type_name == Base->__type_name ||
+      (SANITIZER_NON_UNIQUE_TYPEINFO &&
+       !internal_strcmp(Derived->__type_name, Base->__type_name)))
     return Offset == 0;
 
   if (const abi::__si_class_type_info *SI =
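Review bot: the strcmp fallback wants an inline comment at the `if`, otherwise it reads as a redundant check behind the pointer comparison and risks being "cleaned up" later; e.g.
`// On SANITIZER_NON_UNIQUE_TYPEINFO platforms one type can have several`
`// type_info objects across dylib boundaries, so fall back to comparing names.`
The ordering is right: the pointer comparison short-circuits first, so `internal_strcmp` only runs when the pointers differ and the macro is 1, and on other platforms the constant 0 lets the compiler drop the call. One thing to double-check: the hunk header shows this file also maintains a type cache (`getTypeCacheH...`); if that cache or any other path in the file keys on the `__type_name` pointer, it needs the same treatment, since this hunk only fixes the direct equality in isDerivedFromAtOffset.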

Added: compiler-rt/trunk/test/ubsan/TestCases/TypeCheck/Helpers/lit.local.cfg
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/test/ubsan/TestCases/TypeCheck/Helpers/lit.local.cfg?rev=262147&view=auto
==============================================================================
--- compiler-rt/trunk/test/ubsan/TestCases/TypeCheck/Helpers/lit.local.cfg (added)
+++ compiler-rt/trunk/test/ubsan/TestCases/TypeCheck/Helpers/lit.local.cfg Sat Feb 27 13:57:44 2016
@@ -0,0 +1,3 @@
+# Sources in this directory are helper files for tests which test functionality
+# involving multiple translation units.
+config.suffixes = []

Added: compiler-rt/trunk/test/ubsan/TestCases/TypeCheck/Helpers/vptr-non-unique-typeinfo-lib.cpp
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/test/ubsan/TestCases/TypeCheck/Helpers/vptr-non-unique-typeinfo-lib.cpp?rev=262147&view=auto
==============================================================================
--- compiler-rt/trunk/test/ubsan/TestCases/TypeCheck/Helpers/vptr-non-unique-typeinfo-lib.cpp (added)
+++ compiler-rt/trunk/test/ubsan/TestCases/TypeCheck/Helpers/vptr-non-unique-typeinfo-lib.cpp Sat Feb 27 13:57:44 2016
@@ -0,0 +1,5 @@
+#include "vptr-non-unique-typeinfo-lib.h"
+
+X *libCall() {
+  return new X;
+}

Added: compiler-rt/trunk/test/ubsan/TestCases/TypeCheck/Helpers/vptr-non-unique-typeinfo-lib.h
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/test/ubsan/TestCases/TypeCheck/Helpers/vptr-non-unique-typeinfo-lib.h?rev=262147&view=auto
==============================================================================
--- compiler-rt/trunk/test/ubsan/TestCases/TypeCheck/Helpers/vptr-non-unique-typeinfo-lib.h (added)
+++ compiler-rt/trunk/test/ubsan/TestCases/TypeCheck/Helpers/vptr-non-unique-typeinfo-lib.h Sat Feb 27 13:57:44 2016
@@ -0,0 +1,4 @@
+struct X {
+  virtual ~X() {}
+};
+X *libCall();
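Review bot: the new header has no include guard or `#pragma once`. It is included once per translation unit today (the helper .cpp and the test), so nothing breaks, but a guard costs nothing and keeps the helper safe to include from a second test later.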

Added: compiler-rt/trunk/test/ubsan/TestCases/TypeCheck/vptr-non-unique-typeinfo.cpp
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/test/ubsan/TestCases/TypeCheck/vptr-non-unique-typeinfo.cpp?rev=262147&view=auto
==============================================================================
--- compiler-rt/trunk/test/ubsan/TestCases/TypeCheck/vptr-non-unique-typeinfo.cpp (added)
+++ compiler-rt/trunk/test/ubsan/TestCases/TypeCheck/vptr-non-unique-typeinfo.cpp Sat Feb 27 13:57:44 2016
@@ -0,0 +1,10 @@
+// RUN: %clangxx -frtti -fsanitize=vptr -fno-sanitize-recover=vptr -I%p/Helpers %p/Helpers/vptr-non-unique-typeinfo-lib.cpp -fPIC -shared -o %t-lib.so
+// RUN: %clangxx -frtti -fsanitize=vptr -fno-sanitize-recover=vptr -I%p/Helpers -g %s -O3 -o %t %t-lib.so
+// RUN: %run %t
+
+#include "vptr-non-unique-typeinfo-lib.h"
+
+int main() {
+  X *px = libCall();
+  delete px;
+}
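Review bot: the test has no comment stating what it checks, and nothing in the RUN lines makes the intent visible: it passes when `%run %t` exits 0 with no vptr diagnostic, i.e. it is a no-false-positive test for the non-unique-typeinfo case described in the summary. Suggest a comment under the RUN lines, e.g.
`// Deleting an object allocated in another shared object must not trigger a`
`// vptr report even where type_info objects are not unique across dylibs.`
Worth adding to that comment that on platforms where `SANITIZER_NON_UNIQUE_TYPEINFO` is 0 the test passes without exercising the new strcmp path, so it only guards the fix on iOS ARM64. Minor: the library is built without `-g` while the executable gets `-g -O3`; harmless, but the asymmetry looks accidental.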
