Add control flow integrity diagnosis function to UBSan runtime library.

Also includes execution tests for the feature. Differential Revision: http://reviews.llvm.org/D10269 git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@240111 91177308-0d34-0410-b5e6-96231b3b80d8
author: Peter Collingbourne <peter@pcc.me.uk> 2015-06-19 01:52:55 +0000
committer: Peter Collingbourne <peter@pcc.me.uk> 2015-06-19 01:52:55 +0000
commit: 271d42ab6a140f9bb897a49a6aa8627356890aa0 (patch)
tree: 58bd6c8432448d07f4f423d4b5aa9b2618212143 /lib/ubsan/ubsan_handlers_cxx.cc
parent: 7346ebc566c8a9394569951cfaf308eadb200564 (diff)
1 files changed, 38 insertions, 1 deletions
diff --git a/lib/ubsan/ubsan_handlers_cxx.cc b/lib/ubsan/ubsan_handlers_cxx.cc
index b3cda32a9..83b9939d3 100644
--- a/lib/ubsan/ubsan_handlers_cxx.cc
+++ b/lib/ubsan/ubsan_handlers_cxx.cc
@@ -37,7 +37,7 @@ static void HandleDynamicTypeCacheMiss(
     return;
 
   // Check if error report should be suppressed.
-  DynamicTypeInfo DTI = getDynamicTypeInfo((void*)Pointer);
+  DynamicTypeInfo DTI = getDynamicTypeInfoFromObject((void*)Pointer);
   if (DTI.isValid() && IsVptrCheckSuppressed(DTI.getMostDerivedTypeName()))
     return;
 
@@ -82,4 +82,41 @@ void __ubsan::__ubsan_handle_dynamic_type_cache_miss_abort(
   HandleDynamicTypeCacheMiss(Data, Pointer, Hash, Opts);
 }
 
+static void HandleCFIBadType(CFIBadTypeData *Data, ValueHandle Vtable,
+                             ReportOptions Opts) {
+  SourceLocation Loc = Data->Loc.acquire();
+  ScopedReport R(Opts, Loc);
+  DynamicTypeInfo DTI = getDynamicTypeInfoFromVtable((void*)Vtable);
+
+  static const char *TypeCheckKinds[] = {
+    "virtual call",
+    "non-virtual call",
+    "base-to-derived cast",
+    "cast to unrelated type",
+  };
+
+  Diag(Loc, DL_Error, "control flow integrity check for type %0 failed during "
+                      "%1 (vtable address %2)")
+      << Data->Type << TypeCheckKinds[Data->TypeCheckKind] << (void *)Vtable;
+
+  // If possible, say what type it actually points to.
+  if (!DTI.isValid())
+    Diag(Vtable, DL_Note, "invalid vtable");
+  else
+    Diag(Vtable, DL_Note, "vtable is of type %0")
+        << MangledName(DTI.getMostDerivedTypeName());
+}
+
+void __ubsan::__ubsan_handle_cfi_bad_type(CFIBadTypeData *Data,
+                                          ValueHandle Vtable) {
+  GET_REPORT_OPTIONS(false);
+  HandleCFIBadType(Data, Vtable, Opts);
+}
+
+void __ubsan::__ubsan_handle_cfi_bad_type_abort(CFIBadTypeData *Data,
+                                                ValueHandle Vtable) {
+  GET_REPORT_OPTIONS(true);
+  HandleCFIBadType(Data, Vtable, Opts);
+}
+
 #endif  // CAN_SANITIZE_UB
author	Peter Collingbourne <peter@pcc.me.uk>	2015-06-19 01:52:55 +0000
committer	Peter Collingbourne <peter@pcc.me.uk>	2015-06-19 01:52:55 +0000
commit	271d42ab6a140f9bb897a49a6aa8627356890aa0 (patch)
tree	58bd6c8432448d07f4f423d4b5aa9b2618212143 /lib/ubsan/ubsan_handlers_cxx.cc
parent	7346ebc566c8a9394569951cfaf308eadb200564 (diff)