b194cf1e40
This introduces the attribute discussed in https://discourse.llvm.org/t/rfc-function-type-attribute-to-prevent-cfi-instrumentation/85458. The proposed name has been changed from `no_cfi` to `cfi_unchecked_callee` to help differentiate from `no_sanitize("cfi")` more easily. The proposed attribute has the following semantics: 1. Indirect calls to a function type with this attribute will not be instrumented with CFI. That is, the indirect call will not be checked. Note that this only changes the behavior for indirect calls on pointers to function types having this attribute. It does not prevent all indirect function calls for a given type from being checked. 2. All direct references to a function whose type has this attribute will always reference the true function definition rather than an entry in the CFI jump table. 3. When a pointer to a function with this attribute is implicitly cast to a pointer to a function without this attribute, the compiler will give a warning saying this attribute is discarded. This warning can be silenced with an explicit C-style cast or C++ static_cast.
54 lines
2.4 KiB
C++
54 lines
2.4 KiB
C++
// RUN: %clang_cc1 -triple x86_64-unknown-linux-gnu -emit-llvm -fsanitize=cfi-mfcall -o - %s -fvisibility=hidden | FileCheck %s
|
|
|
|
#define CFI_UNCHECKED_CALLEE __attribute__((cfi_unchecked_callee))
|
|
|
|
class A {};
|
|
|
|
// CHECK-LABEL: _Z14MemberFuncCallP1AMS_FvvE
|
|
void MemberFuncCall(A *s, void (A::*p)()) {
|
|
// CHECK: memptr.virtual:
|
|
// CHECK-NEXT: [[VTABLE:%.*]] = load ptr, ptr {{.*}}, align 8
|
|
// CHECK-NEXT: [[OFFSET:%.*]] = sub i64 %memptr.ptr, 1
|
|
// CHECK-NEXT: [[FUNC:%.*]] = getelementptr i8, ptr [[VTABLE]], i64 [[OFFSET]]
|
|
// CHECK-NEXT: [[VALID:%.*]] = call i1 @llvm.type.test(ptr [[FUNC]], metadata !"_ZTSM1AFvvE.virtual")
|
|
// CHECK-NEXT: [[FUNC:%.*]] = getelementptr i8, ptr [[VTABLE]], i64 [[OFFSET]]
|
|
// CHECK-NEXT: %memptr.virtualfn = load ptr, ptr [[FUNC]], align 8
|
|
// CHECK-NEXT: {{.*}}= call i1 @llvm.type.test(ptr [[VTABLE]], metadata !"all-vtables")
|
|
// CHECK-NEXT: br i1 [[VALID]], label %[[CONT:.*]], label %handler.cfi_check_fail{{.*}}
|
|
|
|
// CHECK: [[CONT]]:
|
|
// CHECK-NEXT: br label %memptr.end
|
|
|
|
// CHECK: memptr.nonvirtual:
|
|
// CHECK-NEXT: %memptr.nonvirtualfn = inttoptr i64 %memptr.ptr to ptr
|
|
// CHECK-NEXT: [[VALID:%.*]] = call i1 @llvm.type.test(ptr %memptr.nonvirtualfn, metadata !"_ZTSM1AFvvE")
|
|
// CHECK-NEXT: [[VALID2:%.*]] = or i1 false, [[VALID]]
|
|
// CHECK-NEXT: br i1 [[VALID2]], label %[[CONT2:.*]], label %handler.cfi_check_fail{{.*}}
|
|
|
|
// CHECK: [[CONT2]]:
|
|
// CHECK-NEXT: br label %memptr.end
|
|
|
|
// CHECK: memptr.end:
|
|
// CHECK-NEXT: {{.*}} = phi ptr [ %memptr.virtualfn, %[[CONT]] ], [ %memptr.nonvirtualfn, %[[CONT2]] ]
|
|
(s->*p)();
|
|
}
|
|
|
|
// CHECK-LABEL: _Z19MemberFuncCallNoCFIP1AMS_FvvE
|
|
// CHECK-NOT: llvm.type.test
|
|
void MemberFuncCallNoCFI(A *s, void (CFI_UNCHECKED_CALLEE A::*p)()) {
|
|
// CHECK: memptr.virtual:
|
|
// CHECK-NEXT: [[VTABLE:%.*]] = load ptr, ptr {{.*}}, align 8
|
|
// CHECK-NEXT: [[OFFSET:%.*]] = sub i64 %memptr.ptr, 1
|
|
// CHECK-NEXT: [[FUNC:%.*]] = getelementptr i8, ptr [[VTABLE]], i64 [[OFFSET]]
|
|
// CHECK-NEXT: %memptr.virtualfn = load ptr, ptr [[FUNC]], align 8
|
|
// CHECK-NEXT: br label %memptr.end
|
|
|
|
// CHECK: memptr.nonvirtual:
|
|
// CHECK-NEXT: %memptr.nonvirtualfn = inttoptr i64 %memptr.ptr to ptr
|
|
// CHECK-NEXT: br label %memptr.end
|
|
|
|
// CHECK: memptr.end:
|
|
// CHECK-NEXT: {{.*}} = phi ptr [ %memptr.virtualfn, %memptr.virtual ], [ %memptr.nonvirtualfn, %memptr.nonvirtual ]
|
|
(s->*p)();
|
|
}
|