[PAC][clang] Fix address discrimination for type_info vtable pointers #101716

kovdan01 · 2024-08-02T17:10:03Z

In #99726, -fptrauth-type-info-vtable-pointer-discrimination was introduced, which is intended to enable type and address discrimination for type_info vtable pointers.

However, some codegen logic for actually enabling address discrimination is missing. Particularly, in ItaniumRTTIBuilder::BuildVTablePointer (clang/lib/CodeGen/ItaniumCXXABI.cpp), there is the following piece of code:

  if (auto &Schema = CGM.getCodeGenOpts().PointerAuth.CXXTypeInfoVTablePointer)
    VTable = CGM.getConstantSignedPointer(VTable, Schema, nullptr, GlobalDecl(),
                                          QualType(Ty, 0));

Here, nullptr is used as StorageAddress unconditionally, so, address discrimination is not actually enabled even if requested. It caused test-suite failures in several EH-related tests.

I was able to fix that locally by just using a dummy ptr inttoptr (i64 1 to ptr) value as StorageAddress (just like I did with init/fini, see #96478 (comment)), and tests became passing. I'm not sure how to get a proper StorageAddress here, so I've used that dummy placeholder which actually seems to do the job.

An existing test clang/test/CodeGenCXX/ptrauth-type-info-vtable.cpp shows such incorrect behavior. Particularly, in line 55, we have

ptr ptrauth (ptr getelementptr inbounds (ptr, ptr @_ZTVN10__cxxabiv117__class_type_infoE, i64 2), i32 2, i64 [[STDTYPEINFO_DISC]])

This has constant discriminator, but does not have address discrimination, while it should be enabled with -fptrauth-type-info-vtable-pointer-discrimination. The correct output should be smth like (if we use a placeholder value ptr inttoptr (i64 1 to ptr) as storage address)

ptr ptrauth (ptr getelementptr inbounds (ptr, ptr @_ZTVN10__cxxabiv117__class_type_infoE, i64 2), i32 2, i64 [[STDTYPEINFO_DISC]], ptr inttoptr (i64 1 to ptr))

The text was updated successfully, but these errors were encountered:

kovdan01 · 2024-08-02T17:10:23Z

Tagging @asl @ojhunt

llvmbot · 2024-08-02T17:29:02Z

@llvm/issue-subscribers-clang-driver

Author: Daniil Kovalev (kovdan01)

In #99726, `-fptrauth-type-info-vtable-pointer-discrimination` was introduced, which is intended to enable type and address discrimination for type_info vtable pointers.

However, some codegen logic for actually enabling address discrimination is missing. Particularly, in ItaniumRTTIBuilder::BuildVTablePointer (clang/lib/CodeGen/ItaniumCXXABI.cpp), there is the following piece of code:

  if (auto &amp;Schema = CGM.getCodeGenOpts().PointerAuth.CXXTypeInfoVTablePointer)
    VTable = CGM.getConstantSignedPointer(VTable, Schema, nullptr, GlobalDecl(),
                                          QualType(Ty, 0));

Here, nullptr is used as StorageAddress unconditionally, so, address discrimination is not actually enabled even if requested. It caused test-suite failures in several EH-related tests.

I was able to fix that locally by just using a dummy ptr inttoptr (i64 1 to ptr) value as StorageAddress (just like I did with init/fini, see #96478 (comment)), and tests became passing. I'm not sure how to get a proper StorageAddress here, so I've used that dummy placeholder which actually seems to do the job.

An existing test clang/test/CodeGenCXX/ptrauth-type-info-vtable.cpp shows such incorrect behavior. Particularly, in line 55, we have

ptr ptrauth (ptr getelementptr inbounds (ptr, ptr @<!-- -->_ZTVN10__cxxabiv117__class_type_infoE, i64 2), i32 2, i64 [[STDTYPEINFO_DISC]])

This has constant discriminator, but does not have address discrimination, while it should be enabled with -fptrauth-type-info-vtable-pointer-discrimination. The correct output should be smth like (if we use a placeholder value ptr inttoptr (i64 1 to ptr) as storage address)

ptr ptrauth (ptr getelementptr inbounds (ptr, ptr @<!-- -->_ZTVN10__cxxabiv117__class_type_infoE, i64 2), i32 2, i64 [[STDTYPEINFO_DISC]], ptr inttoptr (i64 1 to ptr))

llvmbot · 2024-08-02T17:38:16Z

@llvm/issue-subscribers-bug

Author: Daniil Kovalev (kovdan01)

In #99726, `-fptrauth-type-info-vtable-pointer-discrimination` was introduced, which is intended to enable type and address discrimination for type_info vtable pointers.

However, some codegen logic for actually enabling address discrimination is missing. Particularly, in ItaniumRTTIBuilder::BuildVTablePointer (clang/lib/CodeGen/ItaniumCXXABI.cpp), there is the following piece of code:

  if (auto &amp;Schema = CGM.getCodeGenOpts().PointerAuth.CXXTypeInfoVTablePointer)
    VTable = CGM.getConstantSignedPointer(VTable, Schema, nullptr, GlobalDecl(),
                                          QualType(Ty, 0));

Here, nullptr is used as StorageAddress unconditionally, so, address discrimination is not actually enabled even if requested. It caused test-suite failures in several EH-related tests.

I was able to fix that locally by just using a dummy ptr inttoptr (i64 1 to ptr) value as StorageAddress (just like I did with init/fini, see #96478 (comment)), and tests became passing. I'm not sure how to get a proper StorageAddress here, so I've used that dummy placeholder which actually seems to do the job.

An existing test clang/test/CodeGenCXX/ptrauth-type-info-vtable.cpp shows such incorrect behavior. Particularly, in line 55, we have

ptr ptrauth (ptr getelementptr inbounds (ptr, ptr @<!-- -->_ZTVN10__cxxabiv117__class_type_infoE, i64 2), i32 2, i64 [[STDTYPEINFO_DISC]])

This has constant discriminator, but does not have address discrimination, while it should be enabled with -fptrauth-type-info-vtable-pointer-discrimination. The correct output should be smth like (if we use a placeholder value ptr inttoptr (i64 1 to ptr) as storage address)

ptr ptrauth (ptr getelementptr inbounds (ptr, ptr @<!-- -->_ZTVN10__cxxabiv117__class_type_infoE, i64 2), i32 2, i64 [[STDTYPEINFO_DISC]], ptr inttoptr (i64 1 to ptr))

llvmbot · 2024-08-02T17:38:37Z

@llvm/issue-subscribers-clang-codegen

Author: Daniil Kovalev (kovdan01)

In #99726, `-fptrauth-type-info-vtable-pointer-discrimination` was introduced, which is intended to enable type and address discrimination for type_info vtable pointers.

However, some codegen logic for actually enabling address discrimination is missing. Particularly, in ItaniumRTTIBuilder::BuildVTablePointer (clang/lib/CodeGen/ItaniumCXXABI.cpp), there is the following piece of code:

  if (auto &amp;Schema = CGM.getCodeGenOpts().PointerAuth.CXXTypeInfoVTablePointer)
    VTable = CGM.getConstantSignedPointer(VTable, Schema, nullptr, GlobalDecl(),
                                          QualType(Ty, 0));

Here, nullptr is used as StorageAddress unconditionally, so, address discrimination is not actually enabled even if requested. It caused test-suite failures in several EH-related tests.

I was able to fix that locally by just using a dummy ptr inttoptr (i64 1 to ptr) value as StorageAddress (just like I did with init/fini, see #96478 (comment)), and tests became passing. I'm not sure how to get a proper StorageAddress here, so I've used that dummy placeholder which actually seems to do the job.

An existing test clang/test/CodeGenCXX/ptrauth-type-info-vtable.cpp shows such incorrect behavior. Particularly, in line 55, we have

ptr ptrauth (ptr getelementptr inbounds (ptr, ptr @<!-- -->_ZTVN10__cxxabiv117__class_type_infoE, i64 2), i32 2, i64 [[STDTYPEINFO_DISC]])

This has constant discriminator, but does not have address discrimination, while it should be enabled with -fptrauth-type-info-vtable-pointer-discrimination. The correct output should be smth like (if we use a placeholder value ptr inttoptr (i64 1 to ptr) as storage address)

ptr ptrauth (ptr getelementptr inbounds (ptr, ptr @<!-- -->_ZTVN10__cxxabiv117__class_type_infoE, i64 2), i32 2, i64 [[STDTYPEINFO_DISC]], ptr inttoptr (i64 1 to ptr))

In llvm#99726, `-fptrauth-type-info-vtable-pointer-discrimination` was introduced, which is intended to enable type and address discrimination for type_info vtable pointers. However, some codegen logic for actually enabling address discrimination was missing. This patch addresses the issue. Fixes llvm#101716

kovdan01 added this to Pointer Authentication Tasks Aug 2, 2024

github-actions bot added the clang Clang issues not falling into any other category label Aug 2, 2024

kovdan01 assigned ahmedbougacha Aug 2, 2024

kovdan01 mentioned this issue Aug 2, 2024

[clang] Implement type/address discrimination of type_info vtable. #99726

Merged

EugeneZelenko added clang:driver 'clang' and 'clang++' user-facing binaries. Not 'clang-cl' and removed clang Clang issues not falling into any other category labels Aug 2, 2024

asl added bug Indicates an unexpected problem or unintended behavior and removed clang:driver 'clang' and 'clang++' user-facing binaries. Not 'clang-cl' labels Aug 2, 2024

asl added the clang:codegen IR generation bugs: mangling, exceptions, etc. label Aug 2, 2024

kovdan01 mentioned this issue Aug 6, 2024

[PAC] Fix address discrimination for type info vtable pointers #102199

Merged

kovdan01 closed this as completed in #102199 Oct 18, 2024

kovdan01 closed this as completed in 6bb6300 Oct 18, 2024

github-project-automation bot moved this to Done in Pointer Authentication Tasks Oct 18, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

[PAC][clang] Fix address discrimination for type_info vtable pointers #101716

[PAC][clang] Fix address discrimination for type_info vtable pointers #101716

kovdan01 commented Aug 2, 2024

kovdan01 commented Aug 2, 2024

Uh oh!

llvmbot commented Aug 2, 2024

Uh oh!

llvmbot commented Aug 2, 2024

Uh oh!

llvmbot commented Aug 2, 2024

Uh oh!

[PAC][clang] Fix address discrimination for type_info vtable pointers #101716

[PAC][clang] Fix address discrimination for type_info vtable pointers #101716

Comments

kovdan01 commented Aug 2, 2024

kovdan01 commented Aug 2, 2024

Uh oh!

llvmbot commented Aug 2, 2024

Uh oh!

llvmbot commented Aug 2, 2024

Uh oh!

llvmbot commented Aug 2, 2024

Uh oh!