diff options
| author | Ivan Krasin <krasin@chromium.org> | 2016-11-17 00:39:48 +0000 |
|---|---|---|
| committer | Ivan Krasin <krasin@chromium.org> | 2016-11-17 00:39:48 +0000 |
| commit | d98f5d78cbe1f5f83833e95d7dea663b9ab69e4b (patch) | |
| tree | d1acc32d5613fd2d235b086af27ff6757d6ffdd7 /clang/test/CodeGenCXX/ubsan-vtable-checks.cpp | |
| parent | 48c26b2b1297c1b2e2e1cd67e50c016c652c6c60 (diff) | |
| download | bcm5719-llvm-d98f5d78cbe1f5f83833e95d7dea663b9ab69e4b.tar.gz bcm5719-llvm-d98f5d78cbe1f5f83833e95d7dea663b9ab69e4b.zip | |
Insert a type check before reading vtable.
Summary:
this is to prevent a situation when a pointer is invalid or null,
but we get to reading from vtable before we can check that
(possibly causing a segfault without a good diagnostics).
Reviewers: pcc
Subscribers: cfe-commits
Differential Revision: https://reviews.llvm.org/D26559
llvm-svn: 287181
Diffstat (limited to 'clang/test/CodeGenCXX/ubsan-vtable-checks.cpp')
| -rw-r--r-- | clang/test/CodeGenCXX/ubsan-vtable-checks.cpp | 40 |
1 files changed, 40 insertions, 0 deletions
diff --git a/clang/test/CodeGenCXX/ubsan-vtable-checks.cpp b/clang/test/CodeGenCXX/ubsan-vtable-checks.cpp new file mode 100644 index 00000000000..932390cfb24 --- /dev/null +++ b/clang/test/CodeGenCXX/ubsan-vtable-checks.cpp @@ -0,0 +1,40 @@ +// RUN: %clang_cc1 -std=c++11 -triple %itanium_abi_triple -emit-llvm -fsanitize=null %s -o - | FileCheck %s --check-prefix=CHECK --check-prefix=CHECK-NULL --check-prefix=ITANIUM +// RUN: %clang_cc1 -std=c++11 -triple x86_64-windows -emit-llvm -fsanitize=null %s -o - | FileCheck %s --check-prefix=CHECK --check-prefix=CHECK-NULL --check-prefix=MSABI +// RUN: %clang_cc1 -std=c++11 -triple %itanium_abi_triple -emit-llvm -fsanitize=vptr %s -o - | FileCheck %s --check-prefix=CHECK --check-prefix=CHECK-VPTR --check-prefix=ITANIUM +// RUN: %clang_cc1 -std=c++11 -triple x86_64-windows -emit-llvm -fsanitize=vptr %s -o - | FileCheck %s --check-prefix=CHECK --check-prefix=CHECK-VPTR --check-prefix=MSABI +struct T { + virtual ~T() {} + virtual int v() { return 1; } +}; + +struct U : T { + ~U(); + virtual int v() { return 2; } +}; + +U::~U() {} + +// ITANIUM: define i32 @_Z5get_vP1T +// MSABI: define i32 @"\01?get_v +int get_v(T* t) { + // First, we check that vtable is not loaded before a type check. + // CHECK-NULL-NOT: load {{.*}} (%struct.T*{{.*}})**, {{.*}} (%struct.T*{{.*}})*** + // CHECK-NULL: [[UBSAN_CMP_RES:%[0-9]+]] = icmp ne %struct.T* %{{[_a-z0-9]+}}, null + // CHECK-NULL-NEXT: br i1 [[UBSAN_CMP_RES]], label %{{.*}}, label %{{.*}} + // CHECK-NULL: call void @__ubsan_handle_type_mismatch_abort + // Second, we check that vtable is actually loaded once the type check is done. + // CHECK-NULL: load {{.*}} (%struct.T*{{.*}})**, {{.*}} (%struct.T*{{.*}})*** + return t->v(); +} + +// ITANIUM: define void @_Z9delete_itP1T +// MSABI: define void @"\01?delete_it +void delete_it(T *t) { + // First, we check that vtable is not loaded before a type check. + // CHECK-VPTR-NOT: load {{.*}} (%struct.T*{{.*}})**, {{.*}} (%struct.T*{{.*}})*** + // CHECK-VPTR: br i1 {{.*}} label %{{.*}} + // CHECK-VPTR: call void @__ubsan_handle_dynamic_type_cache_miss_abort + // Second, we check that vtable is actually loaded once the type check is done. + // CHECK-VPTR: load {{.*}} (%struct.T*{{.*}})**, {{.*}} (%struct.T*{{.*}})*** + delete t; +} |
