[compiler-rt] r262147 - [UBSan] Fix isDerivedFromAtOffset on iOS ARM64
Alexey Samsonov via llvm-commits
llvm-commits at lists.llvm.org
Mon Feb 29 10:49:38 PST 2016
Hi Filipe,
Thanks for resurrecting and landing this!
On Sat, Feb 27, 2016 at 11:57 AM, Filipe Cabecinhas via llvm-commits <
llvm-commits at lists.llvm.org> wrote:
> Author: filcab
> Date: Sat Feb 27 13:57:44 2016
> New Revision: 262147
>
> URL: http://llvm.org/viewvc/llvm-project?rev=262147&view=rev
> Log:
> [UBSan] Fix isDerivedFromAtOffset on iOS ARM64
>
> Summary:
> iOS on ARM64 doesn't unique RTTI.
> Ref: clang's iOS64CXXABI::shouldRTTIBeUnique()
>
> Due to this, pointer-equality will not necessarily work in this
> architecture, across dylib boundaries.
>
> dynamic_cast<>() will (as expected) still work, since Apple ships with
> one prepared for this, but we can't rely on the type names being
> pointer-equal.
>
> I've limited the expensive strcmp check to the specific architecture
> which needs it.
>
> Example which triggers this bug:
>
> lib.h:
> struct X {
> virtual ~X() {}
> };
> X *libCall();
>
> lib.mm:
> X *libCall() {
> return new X;
> }
>
> prog.mm:
> int main() {
> X *px = libCall();
> delete px;
> }
>
> Expected output: Nothing
> Actual output:
> <unknown>: runtime error: member call on address 0x00017001ef50 which does
> not point to an object of type 'X'
> 0x00017001ef50: note: object is of type 'X'
> 00 00 00 00 60 00 0f 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> 00 00 00 00 00 00 00 00 00
> ^~~~~~~~~~~~~~~~~~~~~~~
> vptr for ‘X’
>
> Reviewers: kubabrecka, samsonov, eugenis, rsmith
>
> Subscribers: aemerson, llvm-commits, rengolin
>
> Differential Revision: http://reviews.llvm.org/D11502
>
> Added:
> compiler-rt/trunk/test/ubsan/TestCases/TypeCheck/Helpers/
> compiler-rt/trunk/test/ubsan/TestCases/TypeCheck/Helpers/lit.local.cfg
>
> compiler-rt/trunk/test/ubsan/TestCases/TypeCheck/Helpers/vptr-non-unique-typeinfo-lib.cpp
>
> compiler-rt/trunk/test/ubsan/TestCases/TypeCheck/Helpers/vptr-non-unique-typeinfo-lib.h
>
> compiler-rt/trunk/test/ubsan/TestCases/TypeCheck/vptr-non-unique-typeinfo.cpp
> Modified:
> compiler-rt/trunk/lib/sanitizer_common/sanitizer_platform.h
> compiler-rt/trunk/lib/ubsan/ubsan_type_hash_itanium.cc
>
> Modified: compiler-rt/trunk/lib/sanitizer_common/sanitizer_platform.h
> URL:
> http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/sanitizer_common/sanitizer_platform.h?rev=262147&r1=262146&r2=262147&view=diff
>
> ==============================================================================
> --- compiler-rt/trunk/lib/sanitizer_common/sanitizer_platform.h (original)
> +++ compiler-rt/trunk/lib/sanitizer_common/sanitizer_platform.h Sat Feb 27
> 13:57:44 2016
> @@ -162,4 +162,10 @@
> # define MSC_PREREQ(version) 0
> #endif
>
> +#if defined(__arm64__) && SANITIZER_IOS
> +# define SANITIZER_NON_UNIQUE_TYPEINFO 1
> +#else
> +# define SANITIZER_NON_UNIQUE_TYPEINFO 0
> +#endif
> +
> #endif // SANITIZER_PLATFORM_H
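Review bot: the new SANITIZER_NON_UNIQUE_TYPEINFO block in sanitizer_platform.h carries no comment, so the reason it is tied to `defined(__arm64__) && SANITIZER_IOS` is recorded only in the commit message. A short comment above the `#if` stating that iOS on ARM64 does not unique RTTI across dylibs, with the pointer to clang's iOS64CXXABI::shouldRTTIBeUnique(), would keep a later reader from treating the macro as a general platform switch or widening it without checking the ABI.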
>
> Modified: compiler-rt/trunk/lib/ubsan/ubsan_type_hash_itanium.cc
> URL:
> http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/ubsan/ubsan_type_hash_itanium.cc?rev=262147&r1=262146&r2=262147&view=diff
>
> ==============================================================================
> --- compiler-rt/trunk/lib/ubsan/ubsan_type_hash_itanium.cc (original)
> +++ compiler-rt/trunk/lib/ubsan/ubsan_type_hash_itanium.cc Sat Feb 27
> 13:57:44 2016
> @@ -115,7 +115,9 @@ static __ubsan::HashValue *getTypeCacheH
> static bool isDerivedFromAtOffset(const abi::__class_type_info *Derived,
> const abi::__class_type_info *Base,
> sptr Offset) {
> - if (Derived->__type_name == Base->__type_name)
> + if (Derived->__type_name == Base->__type_name ||
> + (SANITIZER_NON_UNIQUE_TYPEINFO &&
> + !internal_strcmp(Derived->__type_name, Base->__type_name)))
> return Offset == 0;
>
> if (const abi::__si_class_type_info *SI =
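Review bot: the `internal_strcmp` fallback added to the first `if` of isDerivedFromAtOffset is unexplained at the point of use. The condition now mixes a pointer comparison with a string comparison, so a one-line comment saying that two `__type_name` values can name the same type without being pointer-equal when SANITIZER_NON_UNIQUE_TYPEINFO is set would help. It is also worth noting there that the pointer test is deliberately kept first, so the string compare only runs after a pointer mismatch.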
>
> Added:
> compiler-rt/trunk/test/ubsan/TestCases/TypeCheck/Helpers/lit.local.cfg
> URL:
> http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/test/ubsan/TestCases/TypeCheck/Helpers/lit.local.cfg?rev=262147&view=auto
>
> ==============================================================================
> --- compiler-rt/trunk/test/ubsan/TestCases/TypeCheck/Helpers/lit.local.cfg
> (added)
> +++ compiler-rt/trunk/test/ubsan/TestCases/TypeCheck/Helpers/lit.local.cfg
> Sat Feb 27 13:57:44 2016
> @@ -0,0 +1,3 @@
> +# Sources in this directory are helper files for tests which test
> functionality
> +# involving multiple translation units.
> +config.suffixes = []
>
> Added:
> compiler-rt/trunk/test/ubsan/TestCases/TypeCheck/Helpers/vptr-non-unique-typeinfo-lib.cpp
> URL:
> http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/test/ubsan/TestCases/TypeCheck/Helpers/vptr-non-unique-typeinfo-lib.cpp?rev=262147&view=auto
>
> ==============================================================================
> ---
> compiler-rt/trunk/test/ubsan/TestCases/TypeCheck/Helpers/vptr-non-unique-typeinfo-lib.cpp
> (added)
> +++
> compiler-rt/trunk/test/ubsan/TestCases/TypeCheck/Helpers/vptr-non-unique-typeinfo-lib.cpp
> Sat Feb 27 13:57:44 2016
> @@ -0,0 +1,5 @@
> +#include "vptr-non-unique-typeinfo-lib.h"
> +
> +X *libCall() {
> + return new X;
> +}
>
> Added:
> compiler-rt/trunk/test/ubsan/TestCases/TypeCheck/Helpers/vptr-non-unique-typeinfo-lib.h
> URL:
> http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/test/ubsan/TestCases/TypeCheck/Helpers/vptr-non-unique-typeinfo-lib.h?rev=262147&view=auto
>
> ==============================================================================
> ---
> compiler-rt/trunk/test/ubsan/TestCases/TypeCheck/Helpers/vptr-non-unique-typeinfo-lib.h
> (added)
> +++
> compiler-rt/trunk/test/ubsan/TestCases/TypeCheck/Helpers/vptr-non-unique-typeinfo-lib.h
> Sat Feb 27 13:57:44 2016
> @@ -0,0 +1,4 @@
> +struct X {
> + virtual ~X() {}
> +};
> +X *libCall();
>
> Added:
> compiler-rt/trunk/test/ubsan/TestCases/TypeCheck/vptr-non-unique-typeinfo.cpp
> URL:
> http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/test/ubsan/TestCases/TypeCheck/vptr-non-unique-typeinfo.cpp?rev=262147&view=auto
>
> ==============================================================================
> ---
> compiler-rt/trunk/test/ubsan/TestCases/TypeCheck/vptr-non-unique-typeinfo.cpp
> (added)
> +++
> compiler-rt/trunk/test/ubsan/TestCases/TypeCheck/vptr-non-unique-typeinfo.cpp
> Sat Feb 27 13:57:44 2016
> @@ -0,0 +1,10 @@
> +// RUN: %clangxx -frtti -fsanitize=vptr -fno-sanitize-recover=vptr
> -I%p/Helpers %p/Helpers/vptr-non-unique-typeinfo-lib.cpp -fPIC -shared -o
> %t-lib.so
> +// RUN: %clangxx -frtti -fsanitize=vptr -fno-sanitize-recover=vptr
> -I%p/Helpers -g %s -O3 -o %t %t-lib.so
> +// RUN: %run %t
> +
> +#include "vptr-non-unique-typeinfo-lib.h"
> +
> +int main() {
> + X *px = libCall();
> + delete px;
> +}
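Review bot: vptr-non-unique-typeinfo.cpp consists of RUN lines and code only, with nothing saying what it guards against. Because SANITIZER_NON_UNIQUE_TYPEINFO is 1 only under `defined(__arm64__) && SANITIZER_IOS`, every other target passes this test without reaching the new `internal_strcmp` branch. A header comment describing the scenario (an object of type X created in the shared library and deleted in the main executable, which must not produce a vptr report) and naming the target on which it actually exercises the fix would make the coverage explicit.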
>
>
^^
Can you get rid of the Helpers/ directory, and make the test more
self-contained by using a single source file for that?
E.g. see how we're doing it in test/msan/dso-origin.cc
--
Alexey Samsonov
vonosmas at gmail.com