Author: Ahmed Bougacha Date: 2024-06-20T11:55:41-07:00 New Revision: 50b919378186ebb59e2dd402720f6ea8576d2477
URL: https://github.com/llvm/llvm-project/commit/50b919378186ebb59e2dd402720f6ea8576d2477 DIFF: https://github.com/llvm/llvm-project/commit/50b919378186ebb59e2dd402720f6ea8576d2477.diff LOG: [clang] Define ptrauth_string_discriminator builtin. (#93903) This exposes the ABI-stable hash function that allows computing a 16-bit discriminator from a constant string. This allows manually matching the implicit string discriminators computed in the ABI (e.g., from mangled names for vtable pointer/entry signing), as well as enabling the use of interesting discriminators when manually annotating specific pointers with the __ptrauth qualifier. The argument must be a string literal of char character type. The result has type ptrauth_extra_data_t. The result value is never zero and always within range for both the __ptrauth qualifier and ptrauth_blend_discriminator. This can be used in constant expressions. Co-authored-by: John McCall <rjmcc...@apple.com> Added: Modified: clang/docs/PointerAuthentication.rst clang/include/clang/Basic/Builtins.td clang/include/clang/Basic/DiagnosticSemaKinds.td clang/lib/AST/ExprConstant.cpp clang/lib/Headers/ptrauth.h clang/lib/Sema/SemaChecking.cpp clang/test/CodeGen/ptrauth-intrinsics.c clang/test/Sema/ptrauth-intrinsics-macro.c clang/test/Sema/ptrauth.c Removed: ################################################################################ diff --git a/clang/docs/PointerAuthentication.rst b/clang/docs/PointerAuthentication.rst index 19b3384293aed..130e6571a7bdb 100644 --- a/clang/docs/PointerAuthentication.rst +++ b/clang/docs/PointerAuthentication.rst @@ -328,6 +328,23 @@ be done in a single instruction with an immediate integer. ``pointer`` must have pointer type, and ``integer`` must have integer type. The result has type ``ptrauth_extra_data_t``. +``ptrauth_string_discriminator`` +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +.. code-block:: c + + ptrauth_string_discriminator(string) + +Compute a constant discriminator from the given string. + +``string`` must be a string literal of ``char`` character type. The result has +type ``ptrauth_extra_data_t``. + +The result value is never zero and always within range for both the +``__ptrauth`` qualifier and ``ptrauth_blend_discriminator``. + +This can be used in constant expressions. + ``ptrauth_strip`` ^^^^^^^^^^^^^^^^^ diff --git a/clang/include/clang/Basic/Builtins.td b/clang/include/clang/Basic/Builtins.td index 7bef5fd7ad40f..e07ddf3b9b70b 100644 --- a/clang/include/clang/Basic/Builtins.td +++ b/clang/include/clang/Basic/Builtins.td @@ -4411,6 +4411,12 @@ def PtrauthAuth : Builtin { let Prototype = "void*(void*,int,void*)"; } +def PtrauthStringDiscriminator : Builtin { + let Spellings = ["__builtin_ptrauth_string_discriminator"]; + let Attributes = [NoThrow, Const, Constexpr]; + let Prototype = "size_t(char const*)"; +} + // OpenCL v2.0 s6.13.16, s9.17.3.5 - Pipe functions. // We need the generic prototype, since the packet type could be anything. def ReadPipe : OCLPipeLangBuiltin { diff --git a/clang/include/clang/Basic/DiagnosticSemaKinds.td b/clang/include/clang/Basic/DiagnosticSemaKinds.td index 9defaed8b36a7..043d73d223376 100644 --- a/clang/include/clang/Basic/DiagnosticSemaKinds.td +++ b/clang/include/clang/Basic/DiagnosticSemaKinds.td @@ -930,6 +930,8 @@ def warn_ptrauth_sign_null_pointer : def warn_ptrauth_auth_null_pointer : Warning<"authenticating a null pointer will almost certainly trap">, InGroup<PtrAuthNullPointers>; +def err_ptrauth_string_not_literal : Error< + "argument must be a string literal%select{| of char type}0">; /// main() // static main() is not an error in C, just in C++. diff --git a/clang/lib/AST/ExprConstant.cpp b/clang/lib/AST/ExprConstant.cpp index 8124069cdf805..0576516608ddd 100644 --- a/clang/lib/AST/ExprConstant.cpp +++ b/clang/lib/AST/ExprConstant.cpp @@ -58,6 +58,7 @@ #include "llvm/ADT/StringExtras.h" #include "llvm/Support/Debug.h" #include "llvm/Support/SaveAndRestore.h" +#include "llvm/Support/SipHash.h" #include "llvm/Support/TimeProfiler.h" #include "llvm/Support/raw_ostream.h" #include <cstring> @@ -12633,6 +12634,13 @@ bool IntExprEvaluator::VisitBuiltinCallExpr(const CallExpr *E, case Builtin::BI__builtin_expect_with_probability: return Visit(E->getArg(0)); + case Builtin::BI__builtin_ptrauth_string_discriminator: { + const auto *Literal = + cast<StringLiteral>(E->getArg(0)->IgnoreParenImpCasts()); + uint64_t Result = getPointerAuthStableSipHash(Literal->getString()); + return Success(Result, E); + } + case Builtin::BI__builtin_ffs: case Builtin::BI__builtin_ffsl: case Builtin::BI__builtin_ffsll: { diff --git a/clang/lib/Headers/ptrauth.h b/clang/lib/Headers/ptrauth.h index a9d182aa24470..fd9df16bcc614 100644 --- a/clang/lib/Headers/ptrauth.h +++ b/clang/lib/Headers/ptrauth.h @@ -125,6 +125,19 @@ typedef __UINTPTR_TYPE__ ptrauth_generic_signature_t; #define ptrauth_auth_data(__value, __old_key, __old_data) \ __builtin_ptrauth_auth(__value, __old_key, __old_data) +/* Compute a constant discriminator from the given string. + + The argument must be a string literal of char character type. The result + has type ptrauth_extra_data_t. + + The result value is never zero and always within range for both the + __ptrauth qualifier and ptrauth_blend_discriminator. + + This can be used in constant expressions. +*/ +#define ptrauth_string_discriminator(__string) \ + __builtin_ptrauth_string_discriminator(__string) + /* Compute a signature for the given pair of pointer-sized values. The order of the arguments is significant. @@ -186,6 +199,12 @@ typedef __UINTPTR_TYPE__ ptrauth_generic_signature_t; __value; \ }) +#define ptrauth_string_discriminator(__string) \ + ({ \ + (void)__string; \ + ((ptrauth_extra_data_t)0); \ + }) + #define ptrauth_sign_generic_data(__value, __data) \ ({ \ (void)__value; \ diff --git a/clang/lib/Sema/SemaChecking.cpp b/clang/lib/Sema/SemaChecking.cpp index 07cd0727eb3f4..60a7a383858a2 100644 --- a/clang/lib/Sema/SemaChecking.cpp +++ b/clang/lib/Sema/SemaChecking.cpp @@ -2166,6 +2166,24 @@ static ExprResult PointerAuthAuthAndResign(Sema &S, CallExpr *Call) { return Call; } +static ExprResult PointerAuthStringDiscriminator(Sema &S, CallExpr *Call) { + if (checkPointerAuthEnabled(S, Call)) + return ExprError(); + + // We've already performed normal call type-checking. + const Expr *Arg = Call->getArg(0)->IgnoreParenImpCasts(); + + // Operand must be an ordinary or UTF-8 string literal. + const auto *Literal = dyn_cast<StringLiteral>(Arg); + if (!Literal || Literal->getCharByteWidth() != 1) { + S.Diag(Arg->getExprLoc(), diag::err_ptrauth_string_not_literal) + << (Literal ? 1 : 0) << Arg->getSourceRange(); + return ExprError(); + } + + return Call; +} + static ExprResult BuiltinLaunder(Sema &S, CallExpr *TheCall) { if (S.checkArgCount(TheCall, 1)) return ExprError(); @@ -2933,6 +2951,8 @@ Sema::CheckBuiltinFunctionCall(FunctionDecl *FDecl, unsigned BuiltinID, return PointerAuthSignGenericData(*this, TheCall); case Builtin::BI__builtin_ptrauth_auth_and_resign: return PointerAuthAuthAndResign(*this, TheCall); + case Builtin::BI__builtin_ptrauth_string_discriminator: + return PointerAuthStringDiscriminator(*this, TheCall); // OpenCL v2.0, s6.13.16 - Pipe functions case Builtin::BIread_pipe: case Builtin::BIwrite_pipe: diff --git a/clang/test/CodeGen/ptrauth-intrinsics.c b/clang/test/CodeGen/ptrauth-intrinsics.c index 17f28dddb3801..db37d78553769 100644 --- a/clang/test/CodeGen/ptrauth-intrinsics.c +++ b/clang/test/CodeGen/ptrauth-intrinsics.c @@ -1,11 +1,12 @@ // RUN: %clang_cc1 -triple arm64-apple-ios -fptrauth-intrinsics -emit-llvm %s -o - | FileCheck %s +// RUN: %clang_cc1 -triple aarch64-elf -fptrauth-intrinsics -emit-llvm %s -o - | FileCheck %s void (*fnptr)(void); long int_discriminator; void *ptr_discriminator; long signature; -// CHECK-LABEL: define void @test_auth() +// CHECK-LABEL: define {{.*}}void @test_auth() void test_auth() { // CHECK: [[PTR:%.*]] = load ptr, ptr @fnptr, // CHECK-NEXT: [[DISC0:%.*]] = load ptr, ptr @ptr_discriminator, @@ -17,7 +18,7 @@ void test_auth() { fnptr = __builtin_ptrauth_auth(fnptr, 0, ptr_discriminator); } -// CHECK-LABEL: define void @test_strip() +// CHECK-LABEL: define {{.*}}void @test_strip() void test_strip() { // CHECK: [[PTR:%.*]] = load ptr, ptr @fnptr, // CHECK-NEXT: [[T0:%.*]] = ptrtoint ptr [[PTR]] to i64 @@ -27,7 +28,7 @@ void test_strip() { fnptr = __builtin_ptrauth_strip(fnptr, 0); } -// CHECK-LABEL: define void @test_sign_unauthenticated() +// CHECK-LABEL: define {{.*}}void @test_sign_unauthenticated() void test_sign_unauthenticated() { // CHECK: [[PTR:%.*]] = load ptr, ptr @fnptr, // CHECK-NEXT: [[DISC0:%.*]] = load ptr, ptr @ptr_discriminator, @@ -39,7 +40,7 @@ void test_sign_unauthenticated() { fnptr = __builtin_ptrauth_sign_unauthenticated(fnptr, 0, ptr_discriminator); } -// CHECK-LABEL: define void @test_auth_and_resign() +// CHECK-LABEL: define {{.*}}void @test_auth_and_resign() void test_auth_and_resign() { // CHECK: [[PTR:%.*]] = load ptr, ptr @fnptr, // CHECK-NEXT: [[DISC0:%.*]] = load ptr, ptr @ptr_discriminator, @@ -51,7 +52,7 @@ void test_auth_and_resign() { fnptr = __builtin_ptrauth_auth_and_resign(fnptr, 0, ptr_discriminator, 3, 15); } -// CHECK-LABEL: define void @test_blend_discriminator() +// CHECK-LABEL: define {{.*}}void @test_blend_discriminator() void test_blend_discriminator() { // CHECK: [[PTR:%.*]] = load ptr, ptr @fnptr, // CHECK-NEXT: [[DISC:%.*]] = load i64, ptr @int_discriminator, @@ -61,7 +62,7 @@ void test_blend_discriminator() { int_discriminator = __builtin_ptrauth_blend_discriminator(fnptr, int_discriminator); } -// CHECK-LABEL: define void @test_sign_generic_data() +// CHECK-LABEL: define {{.*}}void @test_sign_generic_data() void test_sign_generic_data() { // CHECK: [[PTR:%.*]] = load ptr, ptr @fnptr, // CHECK-NEXT: [[DISC0:%.*]] = load ptr, ptr @ptr_discriminator, @@ -71,3 +72,16 @@ void test_sign_generic_data() { // CHECK-NEXT: store i64 [[RESULT]], ptr @signature, signature = __builtin_ptrauth_sign_generic_data(fnptr, ptr_discriminator); } + +// CHECK-LABEL: define {{.*}}void @test_string_discriminator() +void test_string_discriminator() { + // CHECK: [[X:%.*]] = alloca i32 + + // Check a couple of random discriminators used by Swift. + + // CHECK: store i32 58298, ptr [[X]], + int x = __builtin_ptrauth_string_discriminator("InitializeWithCopy"); + + // CHECK: store i32 9112, ptr [[X]], + x = __builtin_ptrauth_string_discriminator("DestroyArray"); +} diff --git a/clang/test/Sema/ptrauth-intrinsics-macro.c b/clang/test/Sema/ptrauth-intrinsics-macro.c index 07d6374045145..540f2846b7ce1 100644 --- a/clang/test/Sema/ptrauth-intrinsics-macro.c +++ b/clang/test/Sema/ptrauth-intrinsics-macro.c @@ -32,3 +32,8 @@ void test(int *dp, int value) { int t2 = ptrauth_sign_generic_data(dp, 0); (void)t2; } + +void test_string_discriminator(int *dp) { + ptrauth_extra_data_t t0 = ptrauth_string_discriminator("string"); + (void)t0; +} diff --git a/clang/test/Sema/ptrauth.c b/clang/test/Sema/ptrauth.c index 3ad3d70c24e41..20786093ecd4c 100644 --- a/clang/test/Sema/ptrauth.c +++ b/clang/test/Sema/ptrauth.c @@ -47,6 +47,18 @@ void test_blend_discriminator(int *dp, int (*fp)(int), int value) { float *mismatch = __builtin_ptrauth_blend_discriminator(dp, value); // expected-error {{incompatible integer to pointer conversion initializing 'float *' with an expression of type}} } +void test_string_discriminator(const char *str) { + __builtin_ptrauth_string_discriminator(); // expected-error {{too few arguments}} + __builtin_ptrauth_string_discriminator(str, str); // expected-error {{too many arguments}} + (void) __builtin_ptrauth_string_discriminator("test string"); // no warning + + __builtin_ptrauth_string_discriminator(str); // expected-error {{argument must be a string literal}} + __builtin_ptrauth_string_discriminator(L"wide test"); // expected-error {{argument must be a string literal}} expected-warning {{incompatible pointer types passing 'int[10]' to parameter of type 'const char *'}} + + void *mismatch = __builtin_ptrauth_string_discriminator("test string"); // expected-error {{incompatible integer to pointer conversion initializing 'void *' with an expression of type 'unsigned long'}} +} + + void test_sign_unauthenticated(int *dp, int (*fp)(int)) { __builtin_ptrauth_sign_unauthenticated(dp, VALID_DATA_KEY); // expected-error {{too few arguments}} __builtin_ptrauth_sign_unauthenticated(dp, VALID_DATA_KEY, dp, dp); // expected-error {{too many arguments}} _______________________________________________ cfe-commits mailing list cfe-commits@lists.llvm.org https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits