CFI: blacklist STL allocate() from unrelated-casts

Summary: Previously, STL allocators were blacklisted in compiler_rt's cfi_blacklist.txt because they mandated a cast from void* to T* before object initialization completed. This change moves that logic into the front end because C++ name mangling supports a substitution compression mechanism for symbols that makes it difficult to blacklist the mangled symbol for allocate() using a regular expression. Motivated by crbug.com/751385. Reviewers: pcc, kcc Reviewed By: pcc Subscribers: cfe-commits Differential Revision: https://reviews.llvm.org/D36294 llvm-svn: 310097
llvm · Aug 4, 2017 · 4420012 · 4420012
1 parent fa857b1
commit 4420012
Show file tree

Hide file tree

Showing 2 changed files with 64 additions and 0 deletions.
diff --git a/clang/lib/CodeGen/CodeGenFunction.cpp b/clang/lib/CodeGen/CodeGenFunction.cpp
@@ -723,6 +723,25 @@ static void markAsIgnoreThreadCheckingAtRuntime(llvm::Function *Fn) {
   Fn->removeFnAttr(llvm::Attribute::SanitizeThread);
 }
 
+static bool matchesStlAllocatorFn(const Decl *D, const ASTContext &Ctx) {
+  auto *MD = dyn_cast_or_null<CXXMethodDecl>(D);
+  if (!MD || !MD->getName().equals("allocate") ||
+      (MD->getNumParams() != 1 && MD->getNumParams() != 2))
+    return false;
+
+  if (MD->parameters()[0]->getType().getCanonicalType() != Ctx.getSizeType())
+    return false;
+
+  if (MD->getNumParams() == 2) {
+    auto *PT = MD->parameters()[1]->getType()->getAs<PointerType>();
+    if (!PT || !PT->isVoidPointerType() ||
+        !PT->getPointeeType().isConstQualified())
+      return false;
+  }
+
+  return true;
+}
+
 void CodeGenFunction::StartFunction(GlobalDecl GD,
                                     QualType RetTy,
                                     llvm::Function *Fn,
@@ -782,6 +801,14 @@ void CodeGenFunction::StartFunction(GlobalDecl GD,
     }
   }
 
+  // Ignore unrelated casts in STL allocate() since the allocator must cast
+  // from void* to T* before object initialization completes. Don't match on the
+  // namespace because not all allocators are in std::
+  if (D && SanOpts.has(SanitizerKind::CFIUnrelatedCast)) {
+    if (matchesStlAllocatorFn(D, getContext()))
+      SanOpts.Mask &= ~SanitizerKind::CFIUnrelatedCast;
+  }
+
   // Apply xray attributes to the function (as a string, for now)
   if (D && ShouldXRayInstrumentFunction()) {
     if (const auto *XRayAttr = D->getAttr<XRayInstrumentAttr>()) {

diff --git a/clang/test/CodeGen/cfi-unrelated-cast.cpp b/clang/test/CodeGen/cfi-unrelated-cast.cpp
@@ -0,0 +1,37 @@
+// STL allocators should not have unrelated-cast tests applied
+// RUN: %clang_cc1 -flto -fvisibility hidden -fsanitize=cfi-unrelated-cast -emit-llvm -o - %s | FileCheck %s
+
+#include <stddef.h>
+
+template<class T>
+class myalloc {
+ public:
+  // CHECK: define{{.*}}allocateE{{.}}
+  // CHECK-NOT: llvm.type.test
+  T *allocate(size_t sz) {
+    return (T*)::operator new(sz);
+  }
+
+  // CHECK: define{{.*}}allocateE{{.}}PKv
+  // CHECK-NOT: llvm.type.test
+  T *allocate(size_t sz, const void *ptr) {
+    return (T*)::operator new(sz);
+  }
+
+  // CHECK: define{{.*}}differentName
+  // CHECK: llvm.type.test
+  T *differentName(size_t sz, const void *ptr) {
+    return (T*)::operator new(sz);
+  }
+};
+
+class C1 {
+  virtual void f() {}
+};
+
+C1 *f1() {
+  myalloc<C1> allocator;
+  (void)allocator.allocate(16);
+  (void)allocator.allocate(16, 0);
+  (void)allocator.differentName(16, 0);
+}