pcc updated this revision to Diff 52759.
pcc added a comment.
- New implementation
http://reviews.llvm.org/D18635
Files:
docs/ControlFlowIntegrity.rst
docs/LTOVisibility.rst
docs/UsersManual.rst
docs/index.rst
include/clang/Basic/Attr.td
include/clang/Basic/AttrDocs.td
include/clang/Driver/CC1Options.td
include/clang/Driver/Options.td
include/clang/Frontend/CodeGenOptions.def
include/clang/Frontend/CodeGenOptions.h
lib/CodeGen/CGClass.cpp
lib/CodeGen/CGVTables.cpp
lib/CodeGen/CodeGenModule.cpp
lib/CodeGen/CodeGenModule.h
lib/CodeGen/MicrosoftCXXABI.cpp
lib/Driver/SanitizerArgs.cpp
lib/Driver/Tools.cpp
lib/Frontend/CompilerInvocation.cpp
lib/Sema/SemaDeclAttr.cpp
runtime/CMakeLists.txt
runtime/vtables_blacklist.txt
test/CodeGenCXX/bitset-blacklist.cpp
test/CodeGenCXX/bitset-inference.cpp
test/CodeGenCXX/bitsets.cpp
test/CodeGenCXX/cfi-blacklist.cpp
test/CodeGenCXX/cfi-cast.cpp
test/CodeGenCXX/cfi-nvcall.cpp
test/CodeGenCXX/cfi-stats.cpp
test/Driver/cl-runtime-flags.c
test/Driver/fsanitize.c
test/Driver/whole-program-vtables.c
test/Frontend/dependency-gen.c
test/SemaCXX/attr-lto-visibility-default.cpp
utils/TableGen/ClangAttrEmitter.cpp
Index: utils/TableGen/ClangAttrEmitter.cpp
===================================================================
--- utils/TableGen/ClangAttrEmitter.cpp
+++ utils/TableGen/ClangAttrEmitter.cpp
@@ -2527,6 +2527,7 @@
case ObjCProtocol | ObjCInterface:
return "ExpectedObjectiveCInterfaceOrProtocol";
case Field | Var: return "ExpectedFieldOrGlobalVar";
+ case GenericRecord | Namespace: return "ExpectedRecordOrNamespace";
}
PrintFatalError(S.getLoc(),
Index: test/SemaCXX/attr-lto-visibility-default.cpp
===================================================================
--- /dev/null
+++ test/SemaCXX/attr-lto-visibility-default.cpp
@@ -0,0 +1,14 @@
+// RUN: %clang_cc1 -std=c++11 -fsyntax-only -verify %s
+
+int i [[clang::lto_visibility_default]]; // expected-warning {{'lto_visibility_default' attribute only applies to struct, union or class}}
+typedef int t [[clang::lto_visibility_default]]; // expected-warning {{'lto_visibility_default' attribute only applies to struct, union or class}}
+[[clang::lto_visibility_default]] void f(); // expected-warning {{'lto_visibility_default' attribute only applies to struct, union or class}}
+void f() [[clang::lto_visibility_default]]; // expected-error {{'lto_visibility_default' attribute cannot be applied to types}}
+
+struct [[clang::lto_visibility_default]] s1 {
+ int i [[clang::lto_visibility_default]]; // expected-warning {{'lto_visibility_default' attribute only applies to struct, union or class}}
+ [[clang::lto_visibility_default]] void f(); // expected-warning {{'lto_visibility_default' attribute only applies to struct, union or class}}
+};
+
+struct [[clang::lto_visibility_default(1)]] s2 { // expected-error {{'lto_visibility_default' attribute takes no arguments}}
+};
Index: test/Frontend/dependency-gen.c
===================================================================
--- test/Frontend/dependency-gen.c
+++ test/Frontend/dependency-gen.c
@@ -21,7 +21,7 @@
// RUN: %clang -MD -MF - %s -fsyntax-only -I ./ | FileCheck -check-prefix=CHECK-SIX %s
// CHECK-SIX: {{ }}x.h
// RUN: echo "fun:foo" > %t.blacklist
-// RUN: %clang -MD -MF - %s -fsyntax-only -fsanitize=cfi-vcall -flto -fsanitize-blacklist=%t.blacklist -I ./ | FileCheck -check-prefix=CHECK-SEVEN %s
+// RUN: %clang -MD -MF - %s -fsyntax-only -fsanitize=cfi-vcall -flto -fvisibility=hidden -fsanitize-blacklist=%t.blacklist -I ./ | FileCheck -check-prefix=CHECK-SEVEN %s
// CHECK-SEVEN: .blacklist
// CHECK-SEVEN: {{ }}x.h
#ifndef INCLUDE_FLAG_TEST
Index: test/Driver/whole-program-vtables.c
===================================================================
--- test/Driver/whole-program-vtables.c
+++ test/Driver/whole-program-vtables.c
@@ -1,11 +1,2 @@
// RUN: %clang -target x86_64-unknown-linux -fwhole-program-vtables -### %s 2>&1 | FileCheck --check-prefix=NO-LTO %s
// NO-LTO: invalid argument '-fwhole-program-vtables' only allowed with '-flto'
-
-// RUN: %clang -target x86_64-unknown-linux -resource-dir=%S/Inputs/resource_dir -flto -fwhole-program-vtables -### -c %s 2>&1 | FileCheck --check-prefix=BLACKLIST %s
-// BLACKLIST: "-fwhole-program-vtables-blacklist={{.*}}vtables_blacklist.txt"
-
-// RUN: %clang -target x86_64-unknown-linux -fwhole-program-vtables-blacklist=nonexistent.txt -flto -fwhole-program-vtables -### -c %s 2>&1 | FileCheck --check-prefix=NON-EXISTENT-BLACKLIST %s
-// NON-EXISTENT-BLACKLIST: no such file or directory: 'nonexistent.txt'
-
-// RUN: %clang -target x86_64-unknown-linux -fwhole-program-vtables-blacklist=%S/Inputs/resource_dir/vtables_blacklist.txt -flto -fwhole-program-vtables -### -c %s 2>&1 | FileCheck --check-prefix=CUSTOM-BLACKLIST %s
-// CUSTOM-BLACKLIST: "-fwhole-program-vtables-blacklist={{.*}}Inputs/resource_dir/vtables_blacklist.txt"
Index: test/Driver/fsanitize.c
===================================================================
--- test/Driver/fsanitize.c
+++ test/Driver/fsanitize.c
@@ -256,21 +256,27 @@
// RUN: %clang -target i386-pc-openbsd -fsanitize=address %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-ASAN-OPENBSD
// CHECK-ASAN-OPENBSD: unsupported option '-fsanitize=address' for target 'i386-pc-openbsd'
-// RUN: %clang -target x86_64-linux-gnu -fsanitize=cfi -flto -c %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-CFI
-// RUN: %clang -target x86_64-apple-darwin10 -fsanitize=cfi -flto -c %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-CFI
-// RUN: %clang -target x86_64-linux-gnu -fsanitize=cfi-derived-cast -flto -c %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-CFI-DCAST
-// RUN: %clang -target x86_64-linux-gnu -fsanitize=cfi-unrelated-cast -flto -c %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-CFI-UCAST
-// RUN: %clang -target x86_64-linux-gnu -flto -fsanitize=cfi-nvcall -c %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-CFI-NVCALL
-// RUN: %clang -target x86_64-linux-gnu -flto -fsanitize=cfi-vcall -c %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-CFI-VCALL
+// RUN: %clang -target x86_64-linux-gnu -fvisibility=hidden -fsanitize=cfi -flto -c %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-CFI
+// RUN: %clang -target x86_64-apple-darwin10 -fvisibility=hidden -fsanitize=cfi -flto -c %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-CFI
+// RUN: %clang -target x86_64-linux-gnu -fvisibility=hidden -fsanitize=cfi-derived-cast -flto -c %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-CFI-DCAST
+// RUN: %clang -target x86_64-linux-gnu -fvisibility=hidden -fsanitize=cfi-unrelated-cast -flto -c %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-CFI-UCAST
+// RUN: %clang -target x86_64-linux-gnu -flto -fvisibility=hidden -fsanitize=cfi-nvcall -c %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-CFI-NVCALL
+// RUN: %clang -target x86_64-linux-gnu -flto -fvisibility=hidden -fsanitize=cfi-vcall -c %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-CFI-VCALL
// CHECK-CFI: -emit-llvm-bc{{.*}}-fsanitize=cfi-derived-cast,cfi-icall,cfi-unrelated-cast,cfi-nvcall,cfi-vcall
// CHECK-CFI-DCAST: -emit-llvm-bc{{.*}}-fsanitize=cfi-derived-cast
// CHECK-CFI-UCAST: -emit-llvm-bc{{.*}}-fsanitize=cfi-unrelated-cast
// CHECK-CFI-NVCALL: -emit-llvm-bc{{.*}}-fsanitize=cfi-nvcall
// CHECK-CFI-VCALL: -emit-llvm-bc{{.*}}-fsanitize=cfi-vcall
-// RUN: %clang -target x86_64-linux-gnu -flto -fsanitize=cfi-derived-cast -fno-lto -c %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-CFI-NOLTO
+// RUN: %clang -target x86_64-linux-gnu -fvisibility=hidden -flto -fsanitize=cfi-derived-cast -fno-lto -c %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-CFI-NOLTO
// CHECK-CFI-NOLTO: '-fsanitize=cfi-derived-cast' only allowed with '-flto'
+// RUN: %clang -target x86_64-linux-gnu -flto -fsanitize=cfi-derived-cast -c %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-CFI-NOVIS
+// CHECK-CFI-NOVIS: '-fsanitize=cfi-derived-cast' only allowed with '-fvisibility='
+
+// RUN: %clang -target x86_64-pc-win32 -flto -fsanitize=cfi-derived-cast -c %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-CFI-NOVIS-WIN
+// CHECK-CFI-NOVIS-WIN-NOT: only allowed with
+
// RUN: %clang -target mips-unknown-linux -fsanitize=cfi-icall %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-CFI-ICALL-MIPS
// CHECK-CFI-ICALL-MIPS: unsupported option '-fsanitize=cfi-icall' for target 'mips-unknown-linux'
Index: test/Driver/cl-runtime-flags.c
===================================================================
--- test/Driver/cl-runtime-flags.c
+++ test/Driver/cl-runtime-flags.c
@@ -13,14 +13,16 @@
// CHECK-MT-NOT: "-D_DEBUG"
// CHECK-MT: "-D_MT"
// CHECK-MT-NOT: "-D_DLL"
+// CHECK-MT: "-flto-visibility-default-std"
// CHECK-MT: "--dependent-lib=libcmt"
// CHECK-MT: "--dependent-lib=oldnames"
// RUN: %clang_cl -### /MTd -- %s 2>&1 | FileCheck -check-prefix=CHECK-MTd %s
// RUN: %clang_cl -### /LD /MTd -- %s 2>&1 | FileCheck -check-prefix=CHECK-MTd %s
// CHECK-MTd: "-D_DEBUG"
// CHECK-MTd: "-D_MT"
// CHECK-MTd-NOT: "-D_DLL"
+// CHECK-MTd: "-flto-visibility-default-std"
// CHECK-MTd: "--dependent-lib=libcmtd"
// CHECK-MTd: "--dependent-lib=oldnames"
Index: test/CodeGenCXX/cfi-stats.cpp
===================================================================
--- test/CodeGenCXX/cfi-stats.cpp
+++ test/CodeGenCXX/cfi-stats.cpp
@@ -1,4 +1,4 @@
-// RUN: %clang_cc1 -triple x86_64-unknown-linux -fsanitize=cfi-vcall,cfi-nvcall,cfi-derived-cast,cfi-unrelated-cast,cfi-icall -fsanitize-stats -emit-llvm -o - %s | FileCheck --check-prefix=CHECK %s
+// RUN: %clang_cc1 -triple x86_64-unknown-linux -fvisibility hidden -fsanitize=cfi-vcall,cfi-nvcall,cfi-derived-cast,cfi-unrelated-cast,cfi-icall -fsanitize-stats -emit-llvm -o - %s | FileCheck --check-prefix=CHECK %s
// CHECK: [[STATS:@[^ ]*]] = internal global { i8*, i32, [5 x [2 x i8*]] } { i8* null, i32 5, [5 x [2 x i8*]]
// CHECK: {{\[\[}}2 x i8*] zeroinitializer,
Index: test/CodeGenCXX/cfi-nvcall.cpp
===================================================================
--- test/CodeGenCXX/cfi-nvcall.cpp
+++ test/CodeGenCXX/cfi-nvcall.cpp
@@ -1,5 +1,5 @@
-// RUN: %clang_cc1 -triple x86_64-unknown-linux -fsanitize=cfi-nvcall -emit-llvm -o - %s | FileCheck %s
-// RUN: %clang_cc1 -triple x86_64-unknown-linux -fsanitize=cfi-nvcall,cfi-cast-strict -emit-llvm -o - %s | FileCheck --check-prefix=CHECK-STRICT %s
+// RUN: %clang_cc1 -triple x86_64-unknown-linux -fvisibility hidden -fsanitize=cfi-nvcall -emit-llvm -o - %s | FileCheck %s
+// RUN: %clang_cc1 -triple x86_64-unknown-linux -fvisibility hidden -fsanitize=cfi-nvcall,cfi-cast-strict -emit-llvm -o - %s | FileCheck --check-prefix=CHECK-STRICT %s
struct A {
virtual void f();
Index: test/CodeGenCXX/cfi-cast.cpp
===================================================================
--- test/CodeGenCXX/cfi-cast.cpp
+++ test/CodeGenCXX/cfi-cast.cpp
@@ -1,6 +1,6 @@
-// RUN: %clang_cc1 -triple x86_64-unknown-linux -std=c++11 -fsanitize=cfi-derived-cast -fsanitize-trap=cfi-derived-cast -emit-llvm -o - %s | FileCheck -check-prefix=CHECK-DCAST %s
-// RUN: %clang_cc1 -triple x86_64-unknown-linux -std=c++11 -fsanitize=cfi-unrelated-cast -fsanitize-trap=cfi-unrelated-cast -emit-llvm -o - %s | FileCheck -check-prefix=CHECK-UCAST %s
-// RUN: %clang_cc1 -triple x86_64-unknown-linux -std=c++11 -fsanitize=cfi-unrelated-cast,cfi-cast-strict -fsanitize-trap=cfi-unrelated-cast,cfi-cast-strict -emit-llvm -o - %s | FileCheck -check-prefix=CHECK-UCAST-STRICT %s
+// RUN: %clang_cc1 -triple x86_64-unknown-linux -fvisibility hidden -std=c++11 -fsanitize=cfi-derived-cast -fsanitize-trap=cfi-derived-cast -emit-llvm -o - %s | FileCheck -check-prefix=CHECK-DCAST %s
+// RUN: %clang_cc1 -triple x86_64-unknown-linux -fvisibility hidden -std=c++11 -fsanitize=cfi-unrelated-cast -fsanitize-trap=cfi-unrelated-cast -emit-llvm -o - %s | FileCheck -check-prefix=CHECK-UCAST %s
+// RUN: %clang_cc1 -triple x86_64-unknown-linux -fvisibility hidden -std=c++11 -fsanitize=cfi-unrelated-cast,cfi-cast-strict -fsanitize-trap=cfi-unrelated-cast,cfi-cast-strict -emit-llvm -o - %s | FileCheck -check-prefix=CHECK-UCAST-STRICT %s
// In this test the main thing we are searching for is something like
// 'metadata !"1B"' where "1B" is the mangled name of the class we are
@@ -17,7 +17,7 @@
struct C : A {};
-// CHECK-DCAST-LABEL: define void @_Z3abpP1A
+// CHECK-DCAST-LABEL: define hidden void @_Z3abpP1A
void abp(A *a) {
// CHECK-DCAST: [[P:%[^ ]*]] = call i1 @llvm.bitset.test(i8* {{%[^ ]*}}, metadata !"_ZTS1B")
// CHECK-DCAST-NEXT: br i1 [[P]], label %[[CONTBB:[^ ]*]], label %[[TRAPBB:[^ ,]*]]
@@ -31,7 +31,7 @@
(void)static_cast<B*>(a);
}
-// CHECK-DCAST-LABEL: define void @_Z3abrR1A
+// CHECK-DCAST-LABEL: define hidden void @_Z3abrR1A
void abr(A &a) {
// CHECK-DCAST: [[P:%[^ ]*]] = call i1 @llvm.bitset.test(i8* {{%[^ ]*}}, metadata !"_ZTS1B")
// CHECK-DCAST-NEXT: br i1 [[P]], label %[[CONTBB:[^ ]*]], label %[[TRAPBB:[^ ,]*]]
@@ -45,7 +45,7 @@
(void)static_cast<B&>(a);
}
-// CHECK-DCAST-LABEL: define void @_Z4abrrO1A
+// CHECK-DCAST-LABEL: define hidden void @_Z4abrrO1A
void abrr(A &&a) {
// CHECK-DCAST: [[P:%[^ ]*]] = call i1 @llvm.bitset.test(i8* {{%[^ ]*}}, metadata !"_ZTS1B")
// CHECK-DCAST-NEXT: br i1 [[P]], label %[[CONTBB:[^ ]*]], label %[[TRAPBB:[^ ,]*]]
@@ -59,7 +59,7 @@
(void)static_cast<B&&>(a);
}
-// CHECK-UCAST-LABEL: define void @_Z3vbpPv
+// CHECK-UCAST-LABEL: define hidden void @_Z3vbpPv
void vbp(void *p) {
// CHECK-UCAST: [[P:%[^ ]*]] = call i1 @llvm.bitset.test(i8* {{%[^ ]*}}, metadata !"_ZTS1B")
// CHECK-UCAST-NEXT: br i1 [[P]], label %[[CONTBB:[^ ]*]], label %[[TRAPBB:[^ ,]*]]
@@ -73,7 +73,7 @@
(void)static_cast<B*>(p);
}
-// CHECK-UCAST-LABEL: define void @_Z3vbrRc
+// CHECK-UCAST-LABEL: define hidden void @_Z3vbrRc
void vbr(char &r) {
// CHECK-UCAST: [[P:%[^ ]*]] = call i1 @llvm.bitset.test(i8* {{%[^ ]*}}, metadata !"_ZTS1B")
// CHECK-UCAST-NEXT: br i1 [[P]], label %[[CONTBB:[^ ]*]], label %[[TRAPBB:[^ ,]*]]
@@ -87,7 +87,7 @@
(void)reinterpret_cast<B&>(r);
}
-// CHECK-UCAST-LABEL: define void @_Z4vbrrOc
+// CHECK-UCAST-LABEL: define hidden void @_Z4vbrrOc
void vbrr(char &&r) {
// CHECK-UCAST: [[P:%[^ ]*]] = call i1 @llvm.bitset.test(i8* {{%[^ ]*}}, metadata !"_ZTS1B")
// CHECK-UCAST-NEXT: br i1 [[P]], label %[[CONTBB:[^ ]*]], label %[[TRAPBB:[^ ,]*]]
@@ -101,32 +101,32 @@
(void)reinterpret_cast<B&&>(r);
}
-// CHECK-UCAST-LABEL: define void @_Z3vcpPv
-// CHECK-UCAST-STRICT-LABEL: define void @_Z3vcpPv
+// CHECK-UCAST-LABEL: define hidden void @_Z3vcpPv
+// CHECK-UCAST-STRICT-LABEL: define hidden void @_Z3vcpPv
void vcp(void *p) {
// CHECK-UCAST: call i1 @llvm.bitset.test(i8* {{%[^ ]*}}, metadata !"_ZTS1A")
// CHECK-UCAST-STRICT: call i1 @llvm.bitset.test(i8* {{%[^ ]*}}, metadata !"_ZTS1C")
(void)static_cast<C*>(p);
}
-// CHECK-UCAST-LABEL: define void @_Z3bcpP1B
-// CHECK-UCAST-STRICT-LABEL: define void @_Z3bcpP1B
+// CHECK-UCAST-LABEL: define hidden void @_Z3bcpP1B
+// CHECK-UCAST-STRICT-LABEL: define hidden void @_Z3bcpP1B
void bcp(B *p) {
// CHECK-UCAST: call i1 @llvm.bitset.test(i8* {{%[^ ]*}}, metadata !"_ZTS1A")
// CHECK-UCAST-STRICT: call i1 @llvm.bitset.test(i8* {{%[^ ]*}}, metadata !"_ZTS1C")
(void)(C *)p;
}
-// CHECK-UCAST-LABEL: define void @_Z8bcp_callP1B
-// CHECK-UCAST-STRICT-LABEL: define void @_Z8bcp_callP1B
+// CHECK-UCAST-LABEL: define hidden void @_Z8bcp_callP1B
+// CHECK-UCAST-STRICT-LABEL: define hidden void @_Z8bcp_callP1B
void bcp_call(B *p) {
// CHECK-UCAST: call i1 @llvm.bitset.test(i8* {{%[^ ]*}}, metadata !"_ZTS1A")
// CHECK-UCAST-STRICT: call i1 @llvm.bitset.test(i8* {{%[^ ]*}}, metadata !"_ZTS1C")
((C *)p)->f();
}
-// CHECK-UCAST-LABEL: define i32 @_Z6a_callP1A
-// CHECK-UCAST-STRICT-LABEL: define i32 @_Z6a_callP1A
+// CHECK-UCAST-LABEL: define hidden i32 @_Z6a_callP1A
+// CHECK-UCAST-STRICT-LABEL: define hidden i32 @_Z6a_callP1A
int a_call(A *a) {
// CHECK-UCAST-NOT: @llvm.bitset.test
// CHECK-UCAST-STRICT-NOT: @llvm.bitset.test
Index: test/CodeGenCXX/cfi-blacklist.cpp
===================================================================
--- /dev/null
+++ test/CodeGenCXX/cfi-blacklist.cpp
@@ -0,0 +1,29 @@
+// RUN: %clang_cc1 -fvisibility hidden -fms-extensions -fsanitize=cfi-vcall -emit-llvm -o - %s | FileCheck --check-prefix=CHECK --check-prefix=NOBL %s
+// RUN: echo "type:std::*" > %t.txt
+// RUN: %clang_cc1 -fvisibility hidden -fms-extensions -fsanitize=cfi-vcall -fsanitize-blacklist=%t.txt -emit-llvm -o - %s | FileCheck --check-prefix=CHECK --check-prefix=NOSTD %s
+
+struct S1 {
+ virtual void f();
+};
+
+namespace std {
+
+struct S2 {
+ virtual void f();
+};
+
+}
+
+// CHECK: define{{.*}}s1f
+// NOBL: llvm.bitset.test
+// NOSTD: llvm.bitset.test
+void s1f(S1 *s1) {
+ s1->f();
+}
+
+// CHECK: define{{.*}}s2f
+// NOBL: llvm.bitset.test
+// NOSTD-NOT: llvm.bitset.test
+void s2f(std::S2 *s2) {
+ s2->f();
+}
Index: test/CodeGenCXX/bitsets.cpp
===================================================================
--- test/CodeGenCXX/bitsets.cpp
+++ test/CodeGenCXX/bitsets.cpp
@@ -1,11 +1,11 @@
// Tests for the cfi-vcall feature:
-// RUN: %clang_cc1 -triple x86_64-unknown-linux -fsanitize=cfi-vcall -fsanitize-trap=cfi-vcall -emit-llvm -o - %s | FileCheck --check-prefix=CFI --check-prefix=ITANIUM --check-prefix=ITANIUM-NDIAG --check-prefix=NDIAG %s
-// RUN: %clang_cc1 -triple x86_64-unknown-linux -fsanitize=cfi-vcall -emit-llvm -o - %s | FileCheck --check-prefix=CFI --check-prefix=ITANIUM --check-prefix=ITANIUM-DIAG --check-prefix=DIAG --check-prefix=DIAG-ABORT %s
-// RUN: %clang_cc1 -triple x86_64-unknown-linux -fsanitize=cfi-vcall -fsanitize-recover=cfi-vcall -emit-llvm -o - %s | FileCheck --check-prefix=CFI --check-prefix=ITANIUM --check-prefix=DIAG --check-prefix=DIAG-RECOVER %s
+// RUN: %clang_cc1 -triple x86_64-unknown-linux -fvisibility hidden -fsanitize=cfi-vcall -fsanitize-trap=cfi-vcall -emit-llvm -o - %s | FileCheck --check-prefix=CFI --check-prefix=ITANIUM --check-prefix=ITANIUM-NDIAG --check-prefix=NDIAG %s
+// RUN: %clang_cc1 -triple x86_64-unknown-linux -fvisibility hidden -fsanitize=cfi-vcall -emit-llvm -o - %s | FileCheck --check-prefix=CFI --check-prefix=ITANIUM --check-prefix=ITANIUM-DIAG --check-prefix=DIAG --check-prefix=DIAG-ABORT %s
+// RUN: %clang_cc1 -triple x86_64-unknown-linux -fvisibility hidden -fsanitize=cfi-vcall -fsanitize-recover=cfi-vcall -emit-llvm -o - %s | FileCheck --check-prefix=CFI --check-prefix=ITANIUM --check-prefix=DIAG --check-prefix=DIAG-RECOVER %s
// RUN: %clang_cc1 -triple x86_64-pc-windows-msvc -fsanitize=cfi-vcall -fsanitize-trap=cfi-vcall -emit-llvm -o - %s | FileCheck --check-prefix=CFI --check-prefix=MS --check-prefix=NDIAG %s
// Tests for the whole-program-vtables feature:
-// RUN: %clang_cc1 -triple x86_64-unknown-linux -fwhole-program-vtables -emit-llvm -o - %s | FileCheck --check-prefix=VTABLE-OPT --check-prefix=ITANIUM %s
+// RUN: %clang_cc1 -triple x86_64-unknown-linux -fvisibility hidden -fwhole-program-vtables -emit-llvm -o - %s | FileCheck --check-prefix=VTABLE-OPT --check-prefix=ITANIUM %s
// RUN: %clang_cc1 -triple x86_64-pc-windows-msvc -fwhole-program-vtables -emit-llvm -o - %s | FileCheck --check-prefix=VTABLE-OPT --check-prefix=MS %s
// MS: @[[VTA:[0-9]*]] {{.*}} comdat($"\01??_7A@@6B@")
@@ -62,7 +62,7 @@
// DIAG: @[[TYPE:.*]] = private unnamed_addr constant { i16, i16, [4 x i8] } { i16 -1, i16 0, [4 x i8] c"'A'\00" }
// DIAG: @[[BADTYPESTATIC:.*]] = private unnamed_addr global { i8, { [{{.*}} x i8]*, i32, i32 }, { i16, i16, [4 x i8] }* } { i8 0, { [{{.*}} x i8]*, i32, i32 } { [{{.*}} x i8]* @[[SRC]], i32 [[@LINE+24]], i32 3 }, { i16, i16, [4 x i8] }* @[[TYPE]] }
-// ITANIUM: define void @_Z2afP1A
+// ITANIUM: define hidden void @_Z2afP1A
// MS: define void @"\01?af@@YAXPEAUA@@@Z"
void af(A *a) {
// ITANIUM: [[P:%[^ ]*]] = call i1 @llvm.bitset.test(i8* [[VT:%[^ ]*]], metadata !"_ZTS1A")
@@ -155,7 +155,7 @@
void m_fn1();
};
-// ITANIUM: define void @_ZN5test21fEPNS_1DE
+// ITANIUM: define hidden void @_ZN5test21fEPNS_1DE
// MS: define void @"\01?f@test2@@YAXPEAUD@1@@Z"
void f(D *d) {
// ITANIUM: {{%[^ ]*}} = call i1 @llvm.bitset.test(i8* {{%[^ ]*}}, metadata !"_ZTSN5test21DE")
Index: test/CodeGenCXX/bitset-inference.cpp
===================================================================
--- /dev/null
+++ test/CodeGenCXX/bitset-inference.cpp
@@ -0,0 +1,103 @@
+// RUN: %clang_cc1 -triple x86_64-unknown-linux -std=c++11 -fms-extensions -fvisibility hidden -fwhole-program-vtables -emit-llvm -o - %s | FileCheck --check-prefix=ITANIUM %s
+// RUN: %clang_cc1 -triple x86_64-pc-windows-msvc -std=c++11 -fms-extensions -fwhole-program-vtables -emit-llvm -o - %s | FileCheck --check-prefix=MS --check-prefix=MS-STD %s
+// RUN: %clang_cc1 -triple x86_64-pc-windows-msvc -std=c++11 -fms-extensions -fwhole-program-vtables -flto-visibility-default-std -emit-llvm -o - %s | FileCheck --check-prefix=MS --check-prefix=MS-NOSTD %s
+
+struct C1 {
+ virtual void f();
+};
+
+struct __attribute__((visibility("default"))) C2 {
+ virtual void f();
+};
+
+struct __declspec(dllexport) C3 {
+ virtual void f();
+};
+
+struct __declspec(dllimport) C4 {
+ virtual void f();
+};
+
+struct [[clang::lto_visibility_default]] C5 {
+ virtual void f();
+};
+
+struct __declspec(uuid("00000000-0000-0000-0000-000000000000")) C6 {
+ virtual void f();
+};
+
+namespace std {
+
+struct C7 {
+ virtual void f();
+ struct C8 {
+ virtual void f();
+ };
+};
+
+}
+
+namespace stdext {
+
+struct C9 {
+ virtual void f();
+};
+
+}
+
+namespace other {
+
+struct C10 {
+ virtual void f();
+};
+
+}
+
+namespace {
+
+struct C11 {
+ virtual void f();
+};
+
+}
+
+void f(C1 *c1, C2 *c2, C3 *c3, C4 *c4, C5 *c5, C6 *c6, std::C7 *c7,
+ std::C7::C8 *c8, stdext::C9 *c9, other::C10 *c10) {
+ // ITANIUM: bitset.test{{.*}}!"_ZTS2C1"
+ // MS: bitset.test{{.*}}!"?AUC1@@"
+ c1->f();
+ // ITANIUM-NOT: bitset.test{{.*}}!"_ZTS2C2"
+ // MS: bitset.test{{.*}}!"?AUC2@@"
+ c2->f();
+ // ITANIUM: bitset.test{{.*}}!"_ZTS2C3"
+ // MS-NOT: bitset.test{{.*}}!"?AUC3@@"
+ c3->f();
+ // ITANIUM: bitset.test{{.*}}!"_ZTS2C4"
+ // MS-NOT: bitset.test{{.*}}!"?AUC4@@"
+ c4->f();
+ // ITANIUM-NOT: bitset.test{{.*}}!"_ZTS2C5"
+ // MS-NOT: bitset.test{{.*}}!"?AUC5@@"
+ c5->f();
+ // ITANIUM-NOT: bitset.test{{.*}}!"_ZTS2C6"
+ // MS-NOT: bitset.test{{.*}}!"?AUC6@@"
+ c6->f();
+ // ITANIUM: bitset.test{{.*}}!"_ZTSSt2C7"
+ // MS-STD: bitset.test{{.*}}!"?AUC7@std@@"
+ // MS-NOSTD-NOT: bitset.test{{.*}}!"?AUC7@std@@"
+ c7->f();
+ // ITANIUM: bitset.test{{.*}}!"_ZTSNSt2C72C8E"
+ // MS-STD: bitset.test{{.*}}!"?AUC8@C7@std@@"
+ // MS-NOSTD-NOT: bitset.test{{.*}}!"?AUC8@C7@std@@"
+ c8->f();
+ // ITANIUM: bitset.test{{.*}}!"_ZTSN6stdext2C9E"
+ // MS-STD: bitset.test{{.*}}!"?AUC9@stdext@@"
+ // MS-NOSTD-NOT: bitset.test{{.*}}!"?AUC9@stdext@@"
+ c9->f();
+ // ITANIUM: bitset.test{{.*}}!"_ZTSN5other3C10E"
+ // MS: bitset.test{{.*}}!"?AUC10@other@@"
+ c10->f();
+ // ITANIUM: bitset.test{{.*}}!{{[0-9]}}
+ // MS: bitset.test{{.*}}!{{[0-9]}}
+ C11 *c11;
+ c11->f();
+}
Index: test/CodeGenCXX/bitset-blacklist.cpp
===================================================================
--- test/CodeGenCXX/bitset-blacklist.cpp
+++ /dev/null
@@ -1,32 +0,0 @@
-// RUN: echo "type:attr:uuid" > %t.txt
-// RUN: %clang_cc1 -fms-extensions -fsanitize=cfi-vcall -fsanitize-blacklist=%t.txt -emit-llvm -o - %s | FileCheck --check-prefix=CHECK --check-prefix=NOUUID %s
-// RUN: %clang_cc1 -fms-extensions -fwhole-program-vtables -fwhole-program-vtables-blacklist=%t.txt -emit-llvm -o - %s | FileCheck --check-prefix=CHECK --check-prefix=NOUUID %s
-// RUN: echo "type:std::*" > %t.txt
-// RUN: %clang_cc1 -fms-extensions -fsanitize=cfi-vcall -fsanitize-blacklist=%t.txt -emit-llvm -o - %s | FileCheck --check-prefix=CHECK --check-prefix=NOSTD %s
-// RUN: %clang_cc1 -fms-extensions -fwhole-program-vtables -fwhole-program-vtables-blacklist=%t.txt -emit-llvm -o - %s | FileCheck --check-prefix=CHECK --check-prefix=NOSTD %s
-
-struct __declspec(uuid("00000000-0000-0000-0000-000000000000")) S1 {
- virtual void f();
-};
-
-namespace std {
-
-struct S2 {
- virtual void f();
-};
-
-}
-
-// CHECK: define{{.*}}s1f
-// NOSTD: llvm.bitset.test
-// NOUUID-NOT: llvm.bitset.test
-void s1f(S1 *s1) {
- s1->f();
-}
-
-// CHECK: define{{.*}}s2f
-// NOSTD-NOT: llvm.bitset.test
-// NOUUID: llvm.bitset.test
-void s2f(std::S2 *s2) {
- s2->f();
-}
Index: runtime/vtables_blacklist.txt
===================================================================
--- runtime/vtables_blacklist.txt
+++ /dev/null
@@ -1,8 +0,0 @@
-# Standard library types.
-type:std::*
-
-# The stdext namespace contains Microsoft standard library extensions.
-type:stdext::*
-
-# Types with a uuid attribute, i.e. COM types.
-type:attr:uuid
Index: runtime/CMakeLists.txt
===================================================================
--- runtime/CMakeLists.txt
+++ runtime/CMakeLists.txt
@@ -148,15 +148,3 @@
VERBATIM)
endif()
endif()
-
-set(src "${CMAKE_CURRENT_SOURCE_DIR}/vtables_blacklist.txt")
-set(dst "${LLVM_LIBRARY_OUTPUT_INTDIR}/clang/${CLANG_VERSION}/vtables_blacklist.txt")
-add_custom_command(OUTPUT ${dst}
- DEPENDS ${src}
- COMMAND ${CMAKE_COMMAND} -E copy_if_different ${src} ${dst}
- COMMENT "Copying vtables blacklist")
-add_custom_target(vtables_blacklist DEPENDS ${dst})
-if(TARGET clang)
- add_dependencies(clang vtables_blacklist)
-endif()
-install(FILES ${src} DESTINATION lib${LLVM_LIBDIR_SUFFIX}/clang/${CLANG_VERSION})
Index: lib/Sema/SemaDeclAttr.cpp
===================================================================
--- lib/Sema/SemaDeclAttr.cpp
+++ lib/Sema/SemaDeclAttr.cpp
@@ -5724,6 +5724,9 @@
case AttributeList::AT_InternalLinkage:
handleInternalLinkageAttr(S, D, Attr);
break;
+ case AttributeList::AT_LTOVisibilityDefault:
+ handleSimpleAttribute<LTOVisibilityDefaultAttr>(S, D, Attr);
+ break;
// Microsoft attributes:
case AttributeList::AT_MSNoVTable:
Index: lib/Frontend/CompilerInvocation.cpp
===================================================================
--- lib/Frontend/CompilerInvocation.cpp
+++ lib/Frontend/CompilerInvocation.cpp
@@ -482,8 +482,7 @@
Opts.DebugColumnInfo = Args.hasArg(OPT_dwarf_column_info);
Opts.EmitCodeView = Args.hasArg(OPT_gcodeview);
Opts.WholeProgramVTables = Args.hasArg(OPT_fwhole_program_vtables);
- Opts.WholeProgramVTablesBlacklistFiles =
- Args.getAllArgValues(OPT_fwhole_program_vtables_blacklist_EQ);
+ Opts.LTOVisibilityDefaultStd = Args.hasArg(OPT_flto_visibility_default_std);
Opts.SplitDwarfFile = Args.getLastArgValue(OPT_split_dwarf_file);
Opts.DebugTypeExtRefs = Args.hasArg(OPT_dwarf_ext_refs);
Opts.DebugExplicitImport = Triple.isPS4CPU();
Index: lib/Driver/Tools.cpp
===================================================================
--- lib/Driver/Tools.cpp
+++ lib/Driver/Tools.cpp
@@ -4391,32 +4391,6 @@
CmdArgs.push_back("-ffunction-sections");
}
- if (Args.hasFlag(options::OPT_fwhole_program_vtables,
- options::OPT_fno_whole_program_vtables, false)) {
- if (!D.isUsingLTO())
- D.Diag(diag::err_drv_argument_only_allowed_with)
- << "-fwhole-program-vtables"
- << "-flto";
- CmdArgs.push_back("-fwhole-program-vtables");
-
- clang::SmallString<64> Path(D.ResourceDir);
- llvm::sys::path::append(Path, "vtables_blacklist.txt");
- if (llvm::sys::fs::exists(Path)) {
- SmallString<64> BlacklistOpt("-fwhole-program-vtables-blacklist=");
- BlacklistOpt += Path.str();
- CmdArgs.push_back(Args.MakeArgString(BlacklistOpt));
- }
-
- for (const Arg *A :
- Args.filtered(options::OPT_fwhole_program_vtables_blacklist_EQ)) {
- A->claim();
- if (!llvm::sys::fs::exists(A->getValue()))
- D.Diag(clang::diag::err_drv_no_such_file) << A->getValue();
- }
-
- Args.AddAllArgs(CmdArgs, options::OPT_fwhole_program_vtables_blacklist_EQ);
- }
-
if (Args.hasFlag(options::OPT_fdata_sections, options::OPT_fno_data_sections,
UseSeparateSections)) {
CmdArgs.push_back("-fdata-sections");
@@ -5752,6 +5726,17 @@
CmdArgs.push_back(I->getFilename());
}
+ bool WholeProgramVTables =
+ Args.hasFlag(options::OPT_fwhole_program_vtables,
+ options::OPT_fno_whole_program_vtables, false);
+ if (WholeProgramVTables) {
+ if (!D.isUsingLTO())
+ D.Diag(diag::err_drv_argument_only_allowed_with)
+ << "-fwhole-program-vtables"
+ << "-flto";
+ CmdArgs.push_back("-fwhole-program-vtables");
+ }
+
// Finally add the compile command to the compilation.
if (Args.hasArg(options::OPT__SLASH_fallback) &&
Output.getType() == types::TY_Object &&
@@ -6015,11 +6000,13 @@
if (Args.hasArg(options::OPT__SLASH_LDd))
CmdArgs.push_back("-D_DEBUG");
CmdArgs.push_back("-D_MT");
+ CmdArgs.push_back("-flto-visibility-default-std");
FlagForCRT = "--dependent-lib=libcmt";
break;
case options::OPT__SLASH_MTd:
CmdArgs.push_back("-D_DEBUG");
CmdArgs.push_back("-D_MT");
+ CmdArgs.push_back("-flto-visibility-default-std");
FlagForCRT = "--dependent-lib=libcmtd";
break;
default:
Index: lib/Driver/SanitizerArgs.cpp
===================================================================
--- lib/Driver/SanitizerArgs.cpp
+++ lib/Driver/SanitizerArgs.cpp
@@ -39,6 +39,7 @@
TrappingSupported =
(Undefined & ~Vptr) | UnsignedIntegerOverflow | LocalBounds | CFI,
TrappingDefault = CFI,
+ CFIClasses = CFIVCall | CFINVCall | CFIDerivedCast | CFIUnrelatedCast,
};
enum CoverageFeature {
@@ -553,6 +554,14 @@
LinkCXXRuntimes =
Args.hasArg(options::OPT_fsanitize_link_cxx_runtime) || D.CCCIsCXX();
+ // Require -fvisibility= flag on non-Windows if vptr CFI is enabled.
+ if ((Kinds & CFIClasses) && !TC.getTriple().isOSWindows() &&
+ !Args.hasArg(options::OPT_fvisibility_EQ)) {
+ D.Diag(clang::diag::err_drv_argument_only_allowed_with)
+ << lastArgumentForMask(D, Args, Kinds & CFIClasses)
+ << "-fvisibility=";
+ }
+
// Finally, initialize the set of available and recoverable sanitizers.
Sanitizers.Mask |= Kinds;
RecoverableSanitizers.Mask |= RecoverableKinds;
Index: lib/CodeGen/MicrosoftCXXABI.cpp
===================================================================
--- lib/CodeGen/MicrosoftCXXABI.cpp
+++ lib/CodeGen/MicrosoftCXXABI.cpp
@@ -1519,15 +1519,13 @@
: CharUnits::Zero();
if (Info->PathToBaseWithVPtr.empty()) {
- if (!CGM.IsBitSetBlacklistedRecord(RD))
- CGM.CreateVTableBitSetEntry(BitsetsMD, VTable, AddressPoint, RD);
+ CGM.CreateVTableBitSetEntry(BitsetsMD, VTable, AddressPoint, RD);
return;
}
// Add a bitset entry for the least derived base belonging to this vftable.
- if (!CGM.IsBitSetBlacklistedRecord(Info->PathToBaseWithVPtr.back()))
- CGM.CreateVTableBitSetEntry(BitsetsMD, VTable, AddressPoint,
- Info->PathToBaseWithVPtr.back());
+ CGM.CreateVTableBitSetEntry(BitsetsMD, VTable, AddressPoint,
+ Info->PathToBaseWithVPtr.back());
// Add a bitset entry for each derived class that is laid out at the same
// offset as the least derived base.
@@ -1545,12 +1543,11 @@
Offset = VBI->second.VBaseOffset;
if (!Offset.isZero())
return;
- if (!CGM.IsBitSetBlacklistedRecord(DerivedRD))
- CGM.CreateVTableBitSetEntry(BitsetsMD, VTable, AddressPoint, DerivedRD);
+ CGM.CreateVTableBitSetEntry(BitsetsMD, VTable, AddressPoint, DerivedRD);
}
// Finally do the same for the most derived class.
- if (Info->FullOffsetInMDC.isZero() && !CGM.IsBitSetBlacklistedRecord(RD))
+ if (Info->FullOffsetInMDC.isZero())
CGM.CreateVTableBitSetEntry(BitsetsMD, VTable, AddressPoint, RD);
}
Index: lib/CodeGen/CodeGenModule.h
===================================================================
--- lib/CodeGen/CodeGenModule.h
+++ lib/CodeGen/CodeGenModule.h
@@ -490,8 +490,6 @@
/// MDNodes.
llvm::DenseMap<QualType, llvm::Metadata *> MetadataIdMap;
- SanitizerBlacklist WholeProgramVTablesBlacklist;
-
public:
CodeGenModule(ASTContext &C, const HeaderSearchOptions &headersearchopts,
const PreprocessorOptions &ppopts,
@@ -1118,9 +1116,10 @@
/// Returns whether we need bit sets attached to vtables.
bool NeedVTableBitSets();
- /// Returns whether the given record is blacklisted from whole-program
- /// transformations (i.e. CFI or whole-program vtable optimization).
- bool IsBitSetBlacklistedRecord(const CXXRecordDecl *RD);
+ /// Returns whether the given record has hidden LTO visibility and therefore
+ /// may participate in (single-module) CFI and whole-program vtable
+ /// optimization.
+ bool HasHiddenLTOVisibility(const CXXRecordDecl *RD);
/// Emit bit set entries for the given vtable using the given layout if
/// vptr CFI is enabled.
Index: lib/CodeGen/CodeGenModule.cpp
===================================================================
--- lib/CodeGen/CodeGenModule.cpp
+++ lib/CodeGen/CodeGenModule.cpp
@@ -97,9 +97,7 @@
NSConcreteStackBlock(nullptr), BlockObjectAssign(nullptr),
BlockObjectDispose(nullptr), BlockDescriptorType(nullptr),
GenericBlockLiteralType(nullptr), LifetimeStartFn(nullptr),
- LifetimeEndFn(nullptr), SanitizerMD(new SanitizerMetadata(*this)),
- WholeProgramVTablesBlacklist(CGO.WholeProgramVTablesBlacklistFiles,
- C.getSourceManager()) {
+ LifetimeEndFn(nullptr), SanitizerMD(new SanitizerMetadata(*this)) {
// Initialize the type cache.
llvm::LLVMContext &LLVMContext = M.getContext();
Index: lib/CodeGen/CGVTables.cpp
===================================================================
--- lib/CodeGen/CGVTables.cpp
+++ lib/CodeGen/CGVTables.cpp
@@ -910,21 +910,33 @@
getLangOpts().Sanitize.has(SanitizerKind::CFIUnrelatedCast);
}
-bool CodeGenModule::IsBitSetBlacklistedRecord(const CXXRecordDecl *RD) {
- std::string TypeName = RD->getQualifiedNameAsString();
- auto isInBlacklist = [&](const SanitizerBlacklist &BL) {
- if (RD->hasAttr<UuidAttr>() && BL.isBlacklistedType("attr:uuid"))
- return true;
+bool CodeGenModule::HasHiddenLTOVisibility(const CXXRecordDecl *RD) {
+ LinkageInfo LV = RD->getLinkageAndVisibility();
+ if (!isExternallyVisible(LV.getLinkage()))
+ return true;
- return BL.isBlacklistedType(TypeName);
- };
+ if (RD->hasAttr<LTOVisibilityDefaultAttr>() || RD->hasAttr<UuidAttr>())
+ return false;
- return isInBlacklist(WholeProgramVTablesBlacklist) ||
- ((LangOpts.Sanitize.has(SanitizerKind::CFIVCall) ||
- LangOpts.Sanitize.has(SanitizerKind::CFINVCall) ||
- LangOpts.Sanitize.has(SanitizerKind::CFIDerivedCast) ||
- LangOpts.Sanitize.has(SanitizerKind::CFIUnrelatedCast)) &&
- isInBlacklist(getContext().getSanitizerBlacklist()));
+ if (getCodeGenOpts().LTOVisibilityDefaultStd) {
+ const DeclContext *DC = RD;
+ while (1) {
+ auto *D = cast<Decl>(DC);
+ DC = DC->getParent();
+ if (isa<TranslationUnitDecl>(DC)) {
+ if (auto *ND = dyn_cast<NamespaceDecl>(D))
+ if (const IdentifierInfo *II = ND->getIdentifier())
+ if (II->isStr("std") || II->isStr("stdext"))
+ return false;
+ break;
+ }
+ }
+ }
+
+ if (getTriple().isOSBinFormatCOFF())
+ return !RD->hasAttr<DLLExportAttr>() && !RD->hasAttr<DLLImportAttr>();
+ else
+ return LV.getVisibility() == HiddenVisibility;
}
void CodeGenModule::EmitVTableBitSetEntries(llvm::GlobalVariable *VTable,
@@ -938,12 +950,8 @@
typedef std::pair<const CXXRecordDecl *, unsigned> BSEntry;
std::vector<BSEntry> BitsetEntries;
// Create a bit set entry for each address point.
- for (auto &&AP : VTLayout.getAddressPoints()) {
- if (IsBitSetBlacklistedRecord(AP.first.getBase()))
- continue;
-
+ for (auto &&AP : VTLayout.getAddressPoints())
BitsetEntries.push_back(std::make_pair(AP.first.getBase(), AP.second));
- }
// Sort the bit set entries for determinism.
std::sort(BitsetEntries.begin(), BitsetEntries.end(),
Index: lib/CodeGen/CGClass.cpp
===================================================================
--- lib/CodeGen/CGClass.cpp
+++ lib/CodeGen/CGClass.cpp
@@ -2489,7 +2489,7 @@
llvm::Value *VTable,
SourceLocation Loc) {
if (CGM.getCodeGenOpts().WholeProgramVTables &&
- !CGM.IsBitSetBlacklistedRecord(RD)) {
+ CGM.HasHiddenLTOVisibility(RD)) {
llvm::Metadata *MD =
CGM.CreateMetadataIdentifierForType(QualType(RD->getTypeForDecl(), 0));
llvm::Value *BitSetName =
@@ -2565,7 +2565,12 @@
llvm::Value *VTable,
CFITypeCheckKind TCK,
SourceLocation Loc) {
- if (CGM.IsBitSetBlacklistedRecord(RD))
+ if (!CGM.getCodeGenOpts().SanitizeCfiCrossDso &&
+ !CGM.HasHiddenLTOVisibility(RD))
+ return;
+
+ std::string TypeName = RD->getQualifiedNameAsString();
+ if (getContext().getSanitizerBlacklist().isBlacklistedType(TypeName))
return;
SanitizerScope SanScope(this);
Index: include/clang/Frontend/CodeGenOptions.h
===================================================================
--- include/clang/Frontend/CodeGenOptions.h
+++ include/clang/Frontend/CodeGenOptions.h
@@ -202,9 +202,6 @@
/// \brief A list of all -fno-builtin-* function names (e.g., memset).
std::vector<std::string> NoBuiltinFuncs;
- /// List of blacklist files for the whole-program vtable optimization feature.
- std::vector<std::string> WholeProgramVTablesBlacklistFiles;
-
public:
// Define accessors/mutators for code generation options of enumeration type.
#define CODEGENOPT(Name, Bits, Default)
Index: include/clang/Frontend/CodeGenOptions.def
===================================================================
--- include/clang/Frontend/CodeGenOptions.def
+++ include/clang/Frontend/CodeGenOptions.def
@@ -185,6 +185,10 @@
CODEGENOPT(WholeProgramVTables, 1, 0) ///< Whether to apply whole-program
/// vtable optimization.
+/// Whether to use default LTO visibility for entities in std namespace. This is
+/// enabled by clang-cl's /MT and /MTd flags.
+CODEGENOPT(LTOVisibilityDefaultStd, 1, 0)
+
/// The user specified number of registers to be used for integral arguments,
/// or 0 if unspecified.
VALUE_CODEGENOPT(NumRegisterParameters, 32, 0)
Index: include/clang/Driver/Options.td
===================================================================
--- include/clang/Driver/Options.td
+++ include/clang/Driver/Options.td
@@ -1134,9 +1134,6 @@
Flags<[CC1Option]>,
HelpText<"Enables whole-program vtable optimization. Requires -flto">;
def fno_whole_program_vtables : Flag<["-"], "fno-whole-program-vtables">, Group<f_Group>;
-def fwhole_program_vtables_blacklist_EQ : Joined<["-"], "fwhole-program-vtables-blacklist=">,
- Group<f_Group>, Flags<[CC1Option]>,
- HelpText<"Path to a blacklist file for whole-program vtable optimization">;
def fwrapv : Flag<["-"], "fwrapv">, Group<f_Group>, Flags<[CC1Option]>,
HelpText<"Treat signed integer overflow as two's complement">;
def fwritable_strings : Flag<["-"], "fwritable-strings">, Group<f_Group>, Flags<[CC1Option]>,
Index: include/clang/Driver/CC1Options.td
===================================================================
--- include/clang/Driver/CC1Options.td
+++ include/clang/Driver/CC1Options.td
@@ -282,6 +282,9 @@
def fprofile_instrument_use_path_EQ :
Joined<["-"], "fprofile-instrument-use-path=">,
HelpText<"Specify the profile path in PGO use compilation">;
+def flto_visibility_default_std:
+ Flag<["-"], "flto-visibility-default-std">,
+ HelpText<"Use default LTO visibility for classes in std and stdext namespaces">;
//===----------------------------------------------------------------------===//
// Dependency Output Options
Index: include/clang/Basic/AttrDocs.td
===================================================================
--- include/clang/Basic/AttrDocs.td
+++ include/clang/Basic/AttrDocs.td
@@ -2341,3 +2341,10 @@
string argument which is the message to display when emitting the warning.
}];
}
+
+def LTOVisibilityDocs : Documentation {
+ let Category = DocCatType;
+ let Content = [{
+See :doc:`LTOVisibility`.
+ }];
+}
Index: include/clang/Basic/Attr.td
===================================================================
--- include/clang/Basic/Attr.td
+++ include/clang/Basic/Attr.td
@@ -1604,6 +1604,12 @@
let Documentation = [Undocumented];
}
+def LTOVisibilityDefault : InheritableAttr {
+ let Spellings = [CXX11<"clang", "lto_visibility_default">];
+ let Subjects = SubjectList<[Record]>;
+ let Documentation = [LTOVisibilityDocs];
+}
+
def AnyX86Interrupt : InheritableAttr, TargetSpecificAttr<TargetAnyX86> {
// NOTE: If you add any additional spellings, ARMInterrupt's,
// MSP430Interrupt's and MipsInterrupt's spellings must match.
Index: docs/index.rst
===================================================================
--- docs/index.rst
+++ docs/index.rst
@@ -31,6 +31,7 @@
SanitizerStats
SanitizerSpecialCaseList
ControlFlowIntegrity
+ LTOVisibility
SafeStack
Modules
MSVCCompatibility
Index: docs/UsersManual.rst
===================================================================
--- docs/UsersManual.rst
+++ docs/UsersManual.rst
@@ -1056,17 +1056,8 @@
.. option:: -fwhole-program-vtables
Enable whole-program vtable optimizations, such as single-implementation
- devirtualization and virtual constant propagation. Requires ``-flto``.
-
- By default, the compiler will assume that all type hierarchies are
- closed except those in the ``std`` namespace, the ``stdext`` namespace
- and classes with the ``__declspec(uuid())`` attribute.
-
-.. option:: -fwhole-program-vtables-blacklist=path
-
- Allows the user to specify the path to a list of additional classes to
- blacklist from whole-program vtable optimizations. This list is in the
- :ref:`CFI blacklist <cfi-blacklist>` format.
+ devirtualization and virtual constant propagation, for classes with internal
+ linkage or :doc:`hidden LTO visibility <LTOVisibility>`. Requires ``-flto``.
.. option:: -fno-assume-sane-operator-new
Index: docs/LTOVisibility.rst
===================================================================
--- /dev/null
+++ docs/LTOVisibility.rst
@@ -0,0 +1,43 @@
+==============
+LTO Visibility
+==============
+
+LTO visibility is a concept used by the compiler to determine which classes
+the virtual function call optimization and control flow integrity features
+apply to. These features use whole-program information, so they require
+visibility of entire class hierarchies to work correctly.
+
+It is effectively an ODR violation to declare a class with hidden LTO
+visibility in multiple linkage units, or to declare such a class in an
+translation unit not built with LTO. A class with default LTO visibility
+has no such restrictions, but the tradeoff is that the virtual function
+call optimization and control flow integrity features can only be applied to
+classes with internal linkage (e.g. classes declared in unnamed namespaces)
+or classes with LTO visibility.
+
+LTO visibility is based on symbol visibility or, on the Windows platform,
+the dllimport and dllexport attributes. When targeting non-Windows platforms,
+classes with a visibility other than hidden visibility receive default LTO
+visibility. When targeting Windows, classes with dllimport or dllexport
+attributes receive default LTO visibility. All other classes receive hidden
+LTO visibility.
+
+This mechanism will produce the correct result in most cases, but there are
+two cases where it may wrongly infer hidden LTO visibility.
+
+1. If a linkage unit is produced from a combination of LTO object files and
+ non-LTO object files, any classes defined in translation units from which
+ the non-LTO object files were built will require default LTO visibility.
+
+2. Some ABIs provide the ability to define an abstract base class without
+ visibility attributes in multiple linkage units and have virtual calls
+ to derived classes in other linkage units work correctly. One example of
+ this is COM on Windows platforms.
+
+Classes that fall into either of these categories can be marked up with
+the ``[[clang::lto_visibility_default]]`` attribute. To specifically
+handle the COM case, the ``__declspec(uuid())`` attribute implies
+``[[clang::lto_visibility_default]]``. On Windows platforms, the ``/MT`` and
+``/MTd`` flags link the program against a prebuilt static standard library;
+these flags imply default LTO visibility for every class declared in the
+``std`` and `stdext`` namespaces.
Index: docs/ControlFlowIntegrity.rst
===================================================================
--- docs/ControlFlowIntegrity.rst
+++ docs/ControlFlowIntegrity.rst
@@ -25,13 +25,25 @@
so it is required to specify ``-flto``, and the linker used must support LTO,
for example via the `gold plugin`_.
-To allow the checks to be implemented efficiently, the program must be
-structured such that certain object files are compiled with CFI
+To allow the checks to be implemented efficiently, the program must
+be structured such that certain object files are compiled with CFI
enabled, and are statically linked into the program. This may preclude
-the use of shared libraries in some cases. Experimental support for
-:ref:`cross-DSO control flow integrity <cfi-cross-dso>` exists that
-does not have these requirements. This cross-DSO support has unstable
-ABI at this time.
+the use of shared libraries in some cases.
+
+The compiler will only produce CFI checks for a class if it can infer hidden
+LTO visibility for that class. LTO visibility is a property of a class that
+is inferred from flags and attributes. For more details, see the documentation
+for :doc:`LTO visibility <LTOVisibility>`.
+
+The ``-fsanitize=cfi-{vcall,nvcall,derived-cast,unrelated-cast}`` flags
+require that a ``-fvisibility=`` flag also be specified. This is because the
+default visibility setting is ``-fvisibility=default``, which would disable
+CFI checks for classes without visibility attributes. Most users will want
+to specify ``-fvisibility=hidden``, which enables CFI checks for such classes.
+
+Experimental support for :ref:`cross-DSO control flow integrity
+<cfi-cross-dso>` exists that does not require classes to have hidden LTO
+visibility. This cross-DSO support has unstable ABI at this time.
.. _gold plugin: http://llvm.org/docs/GoldPlugin.html
@@ -233,11 +245,6 @@
source files, functions and types using the ``src``, ``fun`` and ``type``
entity types.
-In addition, if a type has a ``uuid`` attribute and the blacklist contains
-the type entry ``attr:uuid``, CFI checks are suppressed for that type. This
-allows all COM types to be easily blacklisted, which is useful as COM types
-are typically defined outside of the linked program.
-
.. code-block:: bash
# Suppress checking for code in a file.
@@ -247,8 +254,6 @@
fun:*MyFooBar*
# Ignore all types in the standard library.
type:std::*
- # Ignore all types with a uuid attribute.
- type:attr:uuid
.. _cfi-cross-dso:
@@ -260,6 +265,11 @@
apply across DSO boundaries. As in the regular CFI, each DSO must be
built with ``-flto``.
+Normally, the compiler will disable CFI checks for classes that do not
+have hidden LTO visibility. With this flag enabled, the compiler will emit
+cross-DSO CFI checks for all classes, except for those which appear in the
+CFI blacklist or which use a ``no_sanitize`` attribute.
+
Design
======
_______________________________________________
cfe-commits mailing list
cfe-commits@lists.llvm.org
http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
