[llvm-dev] help needed: How to get during compile time the base class of casted C++ object inside static_cast<> and dynamic_cast<> and the pointer of the casted object

Mehdi Amini via llvm-dev llvm-dev at lists.llvm.org
Tue Dec 13 09:25:38 PST 2016


> On Dec 13, 2016, at 8:42 AM, Paul Muntean via llvm-dev <llvm-dev at lists.llvm.org> wrote:
> 
> I want to detect bad casts in C++ code by using the Clang
> compiler. The approach is similar to what Caver and TypeSan do but
> without using the compiler-rt.
> 
> Caver and TypeSan:
> https://www.usenix.org/system/files/conference/usenixsecurity15/sec15-paper-lee.pdf
> https://nebelwelt.net/publications/files/16CCS2.pdf
> 
> For example if I have the following C++ code snippet where I want to
> cast object b into
> object D.
> 
> D* obj = static_cast<D*>(b);
> 
> from where (inside Clang, LTO, thinLTO, etc.) can I get the base class
> of D and the base class of b. Is this
> available in the Clang compiler or LTO?


This is available in the Clang AST and this is the most straightforward way to manipulate this. Usually it is not available at the LLVM level (no notion of class or hierarchy is present there), but for the CFI and LTO devirtualization infrastructure described here: http://llvm.org/docs/TypeMetadata.html


> 
> Also, if b is an object of a virtual Class (class with inherited or its
> own virtual functions) can I get its virtual pointer at compile time
> by using the LTO?

I don’t understand this question. What do you mean by “virtual pointer”? The Vtable? 
Usually you can’t get it statically, you have to load b (that’s ABI dependent, but clang has the information).

> 
> I found out that in CodeGen/CGExpr.cpp the explicit case "BaseToDerived" is
> handled and you can retrieve TypeSourceInfo using the function
> getTypeInfoAsWritten(). It seems that this information is enough to get
> the exact type of this cast at compile-time and should also work for
> Template programming, as my understanding is that Clang should have
> abstracted the code into specific types at this point.
> 
> Am I wrong here?
> 
> Is there any case where the type of the objects used inside the cast
> is not known at compile time? Can the
> 'real' type be hidden behind a pointer?

You didn’t provide enough context in your previous snippet, but consider this:

void foo(B *b) {
  D* obj = static_cast<D*>(b);
}

You don’t know that b points to an instance of B, it could be any subclass of B.

— 
Mehdi
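
Added example, not part of the original message and not Clang/LLVM code: a runtime check for the foo(B *b) case above, showing that one static_cast site sees several dynamic types behind the same static type B*. The classes E and DD and the functions check_downcast and foo_checked are hypothetical names, and B is assumed to be polymorphic so that dynamic_cast can read the dynamic type.

```cpp
#include <cstdio>
#include <typeinfo>

// Constructed hierarchy (assumption): B is polymorphic; D and E derive from B.
struct B { virtual ~B() = default; };
struct D : B { int d_field = 1; };
struct E : B { };    // sibling of D: casting an E to D* is a bad cast
struct DD : D { };   // subclass of D: casting a DD to D* is safe

enum class CastVerdict { Safe, BadCast, NullPointer };

// The static type at the cast site is always Base*, so the verdict can only
// come from the object's dynamic type, which dynamic_cast reads at run time.
template <typename Derived, typename Base>
CastVerdict check_downcast(Base *b) {
    if (b == nullptr) return CastVerdict::NullPointer;
    return dynamic_cast<Derived *>(b) ? CastVerdict::Safe : CastVerdict::BadCast;
}

// Same shape as foo() in the message, but the static_cast is only performed
// after the runtime check has confirmed that b really points to a D (or a
// subclass of D). Returns nullptr when the cast is rejected.
D *foo_checked(B *b) {
    if (check_downcast<D>(b) != CastVerdict::Safe) return nullptr;
    return static_cast<D *>(b);
}

int main() {
    B base; D d; E e; DD dd;
    B *inputs[] = { &base, &d, &e, &dd };   // all four have static type B*
    for (B *b : inputs)
        std::printf("%s -> %s\n", typeid(*b).name(),
                    foo_checked(b) ? "safe" : "bad cast rejected");
    return 0;
}
```
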