1 //===--- CGClass.cpp - Emit LLVM Code for C++ classes -----------*- C++ -*-===// 2 // 3 // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. 4 // See https://llvm.org/LICENSE.txt for license information. 5 // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception 6 // 7 //===----------------------------------------------------------------------===// 8 // 9 // This contains code dealing with C++ code generation of classes 10 // 11 //===----------------------------------------------------------------------===// 12 13 #include "CGBlocks.h" 14 #include "CGCXXABI.h" 15 #include "CGDebugInfo.h" 16 #include "CGRecordLayout.h" 17 #include "CodeGenFunction.h" 18 #include "TargetInfo.h" 19 #include "clang/AST/Attr.h" 20 #include "clang/AST/CXXInheritance.h" 21 #include "clang/AST/CharUnits.h" 22 #include "clang/AST/DeclTemplate.h" 23 #include "clang/AST/EvaluatedExprVisitor.h" 24 #include "clang/AST/RecordLayout.h" 25 #include "clang/AST/StmtCXX.h" 26 #include "clang/Basic/CodeGenOptions.h" 27 #include "clang/Basic/TargetBuiltins.h" 28 #include "clang/CodeGen/CGFunctionInfo.h" 29 #include "llvm/IR/Intrinsics.h" 30 #include "llvm/IR/Metadata.h" 31 #include "llvm/Transforms/Utils/SanitizerStats.h" 32 33 using namespace clang; 34 using namespace CodeGen; 35 36 /// Return the best known alignment for an unknown pointer to a 37 /// particular class. 38 CharUnits CodeGenModule::getClassPointerAlignment(const CXXRecordDecl *RD) { 39 if (!RD->hasDefinition()) 40 return CharUnits::One(); // Hopefully won't be used anywhere. 41 42 auto &layout = getContext().getASTRecordLayout(RD); 43 44 // If the class is final, then we know that the pointer points to an 45 // object of that type and can use the full alignment. 46 if (RD->isEffectivelyFinal()) 47 return layout.getAlignment(); 48 49 // Otherwise, we have to assume it could be a subclass. 50 return layout.getNonVirtualAlignment(); 51 } 52 53 /// Return the smallest possible amount of storage that might be allocated 54 /// starting from the beginning of an object of a particular class. 55 /// 56 /// This may be smaller than sizeof(RD) if RD has virtual base classes. 57 CharUnits CodeGenModule::getMinimumClassObjectSize(const CXXRecordDecl *RD) { 58 if (!RD->hasDefinition()) 59 return CharUnits::One(); 60 61 auto &layout = getContext().getASTRecordLayout(RD); 62 63 // If the class is final, then we know that the pointer points to an 64 // object of that type and can use the full alignment. 65 if (RD->isEffectivelyFinal()) 66 return layout.getSize(); 67 68 // Otherwise, we have to assume it could be a subclass. 69 return std::max(layout.getNonVirtualSize(), CharUnits::One()); 70 } 71 72 /// Return the best known alignment for a pointer to a virtual base, 73 /// given the alignment of a pointer to the derived class. 74 CharUnits CodeGenModule::getVBaseAlignment(CharUnits actualDerivedAlign, 75 const CXXRecordDecl *derivedClass, 76 const CXXRecordDecl *vbaseClass) { 77 // The basic idea here is that an underaligned derived pointer might 78 // indicate an underaligned base pointer. 79 80 assert(vbaseClass->isCompleteDefinition()); 81 auto &baseLayout = getContext().getASTRecordLayout(vbaseClass); 82 CharUnits expectedVBaseAlign = baseLayout.getNonVirtualAlignment(); 83 84 return getDynamicOffsetAlignment(actualDerivedAlign, derivedClass, 85 expectedVBaseAlign); 86 } 87 88 CharUnits 89 CodeGenModule::getDynamicOffsetAlignment(CharUnits actualBaseAlign, 90 const CXXRecordDecl *baseDecl, 91 CharUnits expectedTargetAlign) { 92 // If the base is an incomplete type (which is, alas, possible with 93 // member pointers), be pessimistic. 94 if (!baseDecl->isCompleteDefinition()) 95 return std::min(actualBaseAlign, expectedTargetAlign); 96 97 auto &baseLayout = getContext().getASTRecordLayout(baseDecl); 98 CharUnits expectedBaseAlign = baseLayout.getNonVirtualAlignment(); 99 100 // If the class is properly aligned, assume the target offset is, too. 101 // 102 // This actually isn't necessarily the right thing to do --- if the 103 // class is a complete object, but it's only properly aligned for a 104 // base subobject, then the alignments of things relative to it are 105 // probably off as well. (Note that this requires the alignment of 106 // the target to be greater than the NV alignment of the derived 107 // class.) 108 // 109 // However, our approach to this kind of under-alignment can only 110 // ever be best effort; after all, we're never going to propagate 111 // alignments through variables or parameters. Note, in particular, 112 // that constructing a polymorphic type in an address that's less 113 // than pointer-aligned will generally trap in the constructor, 114 // unless we someday add some sort of attribute to change the 115 // assumed alignment of 'this'. So our goal here is pretty much 116 // just to allow the user to explicitly say that a pointer is 117 // under-aligned and then safely access its fields and vtables. 118 if (actualBaseAlign >= expectedBaseAlign) { 119 return expectedTargetAlign; 120 } 121 122 // Otherwise, we might be offset by an arbitrary multiple of the 123 // actual alignment. The correct adjustment is to take the min of 124 // the two alignments. 125 return std::min(actualBaseAlign, expectedTargetAlign); 126 } 127 128 Address CodeGenFunction::LoadCXXThisAddress() { 129 assert(CurFuncDecl && "loading 'this' without a func declaration?"); 130 assert(isa<CXXMethodDecl>(CurFuncDecl)); 131 132 // Lazily compute CXXThisAlignment. 133 if (CXXThisAlignment.isZero()) { 134 // Just use the best known alignment for the parent. 135 // TODO: if we're currently emitting a complete-object ctor/dtor, 136 // we can always use the complete-object alignment. 137 auto RD = cast<CXXMethodDecl>(CurFuncDecl)->getParent(); 138 CXXThisAlignment = CGM.getClassPointerAlignment(RD); 139 } 140 141 return Address(LoadCXXThis(), CXXThisAlignment); 142 } 143 144 /// Emit the address of a field using a member data pointer. 145 /// 146 /// \param E Only used for emergency diagnostics 147 Address 148 CodeGenFunction::EmitCXXMemberDataPointerAddress(const Expr *E, Address base, 149 llvm::Value *memberPtr, 150 const MemberPointerType *memberPtrType, 151 LValueBaseInfo *BaseInfo, 152 TBAAAccessInfo *TBAAInfo) { 153 // Ask the ABI to compute the actual address. 154 llvm::Value *ptr = 155 CGM.getCXXABI().EmitMemberDataPointerAddress(*this, E, base, 156 memberPtr, memberPtrType); 157 158 QualType memberType = memberPtrType->getPointeeType(); 159 CharUnits memberAlign = 160 CGM.getNaturalTypeAlignment(memberType, BaseInfo, TBAAInfo); 161 memberAlign = 162 CGM.getDynamicOffsetAlignment(base.getAlignment(), 163 memberPtrType->getClass()->getAsCXXRecordDecl(), 164 memberAlign); 165 return Address(ptr, memberAlign); 166 } 167 168 CharUnits CodeGenModule::computeNonVirtualBaseClassOffset( 169 const CXXRecordDecl *DerivedClass, CastExpr::path_const_iterator Start, 170 CastExpr::path_const_iterator End) { 171 CharUnits Offset = CharUnits::Zero(); 172 173 const ASTContext &Context = getContext(); 174 const CXXRecordDecl *RD = DerivedClass; 175 176 for (CastExpr::path_const_iterator I = Start; I != End; ++I) { 177 const CXXBaseSpecifier *Base = *I; 178 assert(!Base->isVirtual() && "Should not see virtual bases here!"); 179 180 // Get the layout. 181 const ASTRecordLayout &Layout = Context.getASTRecordLayout(RD); 182 183 const auto *BaseDecl = 184 cast<CXXRecordDecl>(Base->getType()->castAs<RecordType>()->getDecl()); 185 186 // Add the offset. 187 Offset += Layout.getBaseClassOffset(BaseDecl); 188 189 RD = BaseDecl; 190 } 191 192 return Offset; 193 } 194 195 llvm::Constant * 196 CodeGenModule::GetNonVirtualBaseClassOffset(const CXXRecordDecl *ClassDecl, 197 CastExpr::path_const_iterator PathBegin, 198 CastExpr::path_const_iterator PathEnd) { 199 assert(PathBegin != PathEnd && "Base path should not be empty!"); 200 201 CharUnits Offset = 202 computeNonVirtualBaseClassOffset(ClassDecl, PathBegin, PathEnd); 203 if (Offset.isZero()) 204 return nullptr; 205 206 llvm::Type *PtrDiffTy = 207 Types.ConvertType(getContext().getPointerDiffType()); 208 209 return llvm::ConstantInt::get(PtrDiffTy, Offset.getQuantity()); 210 } 211 212 /// Gets the address of a direct base class within a complete object. 213 /// This should only be used for (1) non-virtual bases or (2) virtual bases 214 /// when the type is known to be complete (e.g. in complete destructors). 215 /// 216 /// The object pointed to by 'This' is assumed to be non-null. 217 Address 218 CodeGenFunction::GetAddressOfDirectBaseInCompleteClass(Address This, 219 const CXXRecordDecl *Derived, 220 const CXXRecordDecl *Base, 221 bool BaseIsVirtual) { 222 // 'this' must be a pointer (in some address space) to Derived. 223 assert(This.getElementType() == ConvertType(Derived)); 224 225 // Compute the offset of the virtual base. 226 CharUnits Offset; 227 const ASTRecordLayout &Layout = getContext().getASTRecordLayout(Derived); 228 if (BaseIsVirtual) 229 Offset = Layout.getVBaseClassOffset(Base); 230 else 231 Offset = Layout.getBaseClassOffset(Base); 232 233 // Shift and cast down to the base type. 234 // TODO: for complete types, this should be possible with a GEP. 235 Address V = This; 236 if (!Offset.isZero()) { 237 V = Builder.CreateElementBitCast(V, Int8Ty); 238 V = Builder.CreateConstInBoundsByteGEP(V, Offset); 239 } 240 V = Builder.CreateElementBitCast(V, ConvertType(Base)); 241 242 return V; 243 } 244 245 static Address 246 ApplyNonVirtualAndVirtualOffset(CodeGenFunction &CGF, Address addr, 247 CharUnits nonVirtualOffset, 248 llvm::Value *virtualOffset, 249 const CXXRecordDecl *derivedClass, 250 const CXXRecordDecl *nearestVBase) { 251 // Assert that we have something to do. 252 assert(!nonVirtualOffset.isZero() || virtualOffset != nullptr); 253 254 // Compute the offset from the static and dynamic components. 255 llvm::Value *baseOffset; 256 if (!nonVirtualOffset.isZero()) { 257 llvm::Type *OffsetType = 258 (CGF.CGM.getTarget().getCXXABI().isItaniumFamily() && 259 CGF.CGM.getItaniumVTableContext().isRelativeLayout()) 260 ? CGF.Int32Ty 261 : CGF.PtrDiffTy; 262 baseOffset = 263 llvm::ConstantInt::get(OffsetType, nonVirtualOffset.getQuantity()); 264 if (virtualOffset) { 265 baseOffset = CGF.Builder.CreateAdd(virtualOffset, baseOffset); 266 } 267 } else { 268 baseOffset = virtualOffset; 269 } 270 271 // Apply the base offset. 272 llvm::Value *ptr = addr.getPointer(); 273 unsigned AddrSpace = ptr->getType()->getPointerAddressSpace(); 274 ptr = CGF.Builder.CreateBitCast(ptr, CGF.Int8Ty->getPointerTo(AddrSpace)); 275 ptr = CGF.Builder.CreateInBoundsGEP(CGF.Int8Ty, ptr, baseOffset, "add.ptr"); 276 277 // If we have a virtual component, the alignment of the result will 278 // be relative only to the known alignment of that vbase. 279 CharUnits alignment; 280 if (virtualOffset) { 281 assert(nearestVBase && "virtual offset without vbase?"); 282 alignment = CGF.CGM.getVBaseAlignment(addr.getAlignment(), 283 derivedClass, nearestVBase); 284 } else { 285 alignment = addr.getAlignment(); 286 } 287 alignment = alignment.alignmentAtOffset(nonVirtualOffset); 288 289 return Address(ptr, alignment); 290 } 291 292 Address CodeGenFunction::GetAddressOfBaseClass( 293 Address Value, const CXXRecordDecl *Derived, 294 CastExpr::path_const_iterator PathBegin, 295 CastExpr::path_const_iterator PathEnd, bool NullCheckValue, 296 SourceLocation Loc) { 297 assert(PathBegin != PathEnd && "Base path should not be empty!"); 298 299 CastExpr::path_const_iterator Start = PathBegin; 300 const CXXRecordDecl *VBase = nullptr; 301 302 // Sema has done some convenient canonicalization here: if the 303 // access path involved any virtual steps, the conversion path will 304 // *start* with a step down to the correct virtual base subobject, 305 // and hence will not require any further steps. 306 if ((*Start)->isVirtual()) { 307 VBase = cast<CXXRecordDecl>( 308 (*Start)->getType()->castAs<RecordType>()->getDecl()); 309 ++Start; 310 } 311 312 // Compute the static offset of the ultimate destination within its 313 // allocating subobject (the virtual base, if there is one, or else 314 // the "complete" object that we see). 315 CharUnits NonVirtualOffset = CGM.computeNonVirtualBaseClassOffset( 316 VBase ? VBase : Derived, Start, PathEnd); 317 318 // If there's a virtual step, we can sometimes "devirtualize" it. 319 // For now, that's limited to when the derived type is final. 320 // TODO: "devirtualize" this for accesses to known-complete objects. 321 if (VBase && Derived->hasAttr<FinalAttr>()) { 322 const ASTRecordLayout &layout = getContext().getASTRecordLayout(Derived); 323 CharUnits vBaseOffset = layout.getVBaseClassOffset(VBase); 324 NonVirtualOffset += vBaseOffset; 325 VBase = nullptr; // we no longer have a virtual step 326 } 327 328 // Get the base pointer type. 329 llvm::Type *BasePtrTy = 330 ConvertType((PathEnd[-1])->getType()) 331 ->getPointerTo(Value.getType()->getPointerAddressSpace()); 332 333 QualType DerivedTy = getContext().getRecordType(Derived); 334 CharUnits DerivedAlign = CGM.getClassPointerAlignment(Derived); 335 336 // If the static offset is zero and we don't have a virtual step, 337 // just do a bitcast; null checks are unnecessary. 338 if (NonVirtualOffset.isZero() && !VBase) { 339 if (sanitizePerformTypeCheck()) { 340 SanitizerSet SkippedChecks; 341 SkippedChecks.set(SanitizerKind::Null, !NullCheckValue); 342 EmitTypeCheck(TCK_Upcast, Loc, Value.getPointer(), 343 DerivedTy, DerivedAlign, SkippedChecks); 344 } 345 return Builder.CreateBitCast(Value, BasePtrTy); 346 } 347 348 llvm::BasicBlock *origBB = nullptr; 349 llvm::BasicBlock *endBB = nullptr; 350 351 // Skip over the offset (and the vtable load) if we're supposed to 352 // null-check the pointer. 353 if (NullCheckValue) { 354 origBB = Builder.GetInsertBlock(); 355 llvm::BasicBlock *notNullBB = createBasicBlock("cast.notnull"); 356 endBB = createBasicBlock("cast.end"); 357 358 llvm::Value *isNull = Builder.CreateIsNull(Value.getPointer()); 359 Builder.CreateCondBr(isNull, endBB, notNullBB); 360 EmitBlock(notNullBB); 361 } 362 363 if (sanitizePerformTypeCheck()) { 364 SanitizerSet SkippedChecks; 365 SkippedChecks.set(SanitizerKind::Null, true); 366 EmitTypeCheck(VBase ? TCK_UpcastToVirtualBase : TCK_Upcast, Loc, 367 Value.getPointer(), DerivedTy, DerivedAlign, SkippedChecks); 368 } 369 370 // Compute the virtual offset. 371 llvm::Value *VirtualOffset = nullptr; 372 if (VBase) { 373 VirtualOffset = 374 CGM.getCXXABI().GetVirtualBaseClassOffset(*this, Value, Derived, VBase); 375 } 376 377 // Apply both offsets. 378 Value = ApplyNonVirtualAndVirtualOffset(*this, Value, NonVirtualOffset, 379 VirtualOffset, Derived, VBase); 380 381 // Cast to the destination type. 382 Value = Builder.CreateBitCast(Value, BasePtrTy); 383 384 // Build a phi if we needed a null check. 385 if (NullCheckValue) { 386 llvm::BasicBlock *notNullBB = Builder.GetInsertBlock(); 387 Builder.CreateBr(endBB); 388 EmitBlock(endBB); 389 390 llvm::PHINode *PHI = Builder.CreatePHI(BasePtrTy, 2, "cast.result"); 391 PHI->addIncoming(Value.getPointer(), notNullBB); 392 PHI->addIncoming(llvm::Constant::getNullValue(BasePtrTy), origBB); 393 Value = Address(PHI, Value.getAlignment()); 394 } 395 396 return Value; 397 } 398 399 Address 400 CodeGenFunction::GetAddressOfDerivedClass(Address BaseAddr, 401 const CXXRecordDecl *Derived, 402 CastExpr::path_const_iterator PathBegin, 403 CastExpr::path_const_iterator PathEnd, 404 bool NullCheckValue) { 405 assert(PathBegin != PathEnd && "Base path should not be empty!"); 406 407 QualType DerivedTy = 408 getContext().getCanonicalType(getContext().getTagDeclType(Derived)); 409 unsigned AddrSpace = 410 BaseAddr.getPointer()->getType()->getPointerAddressSpace(); 411 llvm::Type *DerivedPtrTy = ConvertType(DerivedTy)->getPointerTo(AddrSpace); 412 413 llvm::Value *NonVirtualOffset = 414 CGM.GetNonVirtualBaseClassOffset(Derived, PathBegin, PathEnd); 415 416 if (!NonVirtualOffset) { 417 // No offset, we can just cast back. 418 return Builder.CreateBitCast(BaseAddr, DerivedPtrTy); 419 } 420 421 llvm::BasicBlock *CastNull = nullptr; 422 llvm::BasicBlock *CastNotNull = nullptr; 423 llvm::BasicBlock *CastEnd = nullptr; 424 425 if (NullCheckValue) { 426 CastNull = createBasicBlock("cast.null"); 427 CastNotNull = createBasicBlock("cast.notnull"); 428 CastEnd = createBasicBlock("cast.end"); 429 430 llvm::Value *IsNull = Builder.CreateIsNull(BaseAddr.getPointer()); 431 Builder.CreateCondBr(IsNull, CastNull, CastNotNull); 432 EmitBlock(CastNotNull); 433 } 434 435 // Apply the offset. 436 llvm::Value *Value = Builder.CreateBitCast(BaseAddr.getPointer(), Int8PtrTy); 437 Value = Builder.CreateInBoundsGEP( 438 Int8Ty, Value, Builder.CreateNeg(NonVirtualOffset), "sub.ptr"); 439 440 // Just cast. 441 Value = Builder.CreateBitCast(Value, DerivedPtrTy); 442 443 // Produce a PHI if we had a null-check. 444 if (NullCheckValue) { 445 Builder.CreateBr(CastEnd); 446 EmitBlock(CastNull); 447 Builder.CreateBr(CastEnd); 448 EmitBlock(CastEnd); 449 450 llvm::PHINode *PHI = Builder.CreatePHI(Value->getType(), 2); 451 PHI->addIncoming(Value, CastNotNull); 452 PHI->addIncoming(llvm::Constant::getNullValue(Value->getType()), CastNull); 453 Value = PHI; 454 } 455 456 return Address(Value, CGM.getClassPointerAlignment(Derived)); 457 } 458 459 llvm::Value *CodeGenFunction::GetVTTParameter(GlobalDecl GD, 460 bool ForVirtualBase, 461 bool Delegating) { 462 if (!CGM.getCXXABI().NeedsVTTParameter(GD)) { 463 // This constructor/destructor does not need a VTT parameter. 464 return nullptr; 465 } 466 467 const CXXRecordDecl *RD = cast<CXXMethodDecl>(CurCodeDecl)->getParent(); 468 const CXXRecordDecl *Base = cast<CXXMethodDecl>(GD.getDecl())->getParent(); 469 470 llvm::Value *VTT; 471 472 uint64_t SubVTTIndex; 473 474 if (Delegating) { 475 // If this is a delegating constructor call, just load the VTT. 476 return LoadCXXVTT(); 477 } else if (RD == Base) { 478 // If the record matches the base, this is the complete ctor/dtor 479 // variant calling the base variant in a class with virtual bases. 480 assert(!CGM.getCXXABI().NeedsVTTParameter(CurGD) && 481 "doing no-op VTT offset in base dtor/ctor?"); 482 assert(!ForVirtualBase && "Can't have same class as virtual base!"); 483 SubVTTIndex = 0; 484 } else { 485 const ASTRecordLayout &Layout = getContext().getASTRecordLayout(RD); 486 CharUnits BaseOffset = ForVirtualBase ? 487 Layout.getVBaseClassOffset(Base) : 488 Layout.getBaseClassOffset(Base); 489 490 SubVTTIndex = 491 CGM.getVTables().getSubVTTIndex(RD, BaseSubobject(Base, BaseOffset)); 492 assert(SubVTTIndex != 0 && "Sub-VTT index must be greater than zero!"); 493 } 494 495 if (CGM.getCXXABI().NeedsVTTParameter(CurGD)) { 496 // A VTT parameter was passed to the constructor, use it. 497 VTT = LoadCXXVTT(); 498 VTT = Builder.CreateConstInBoundsGEP1_64(VTT, SubVTTIndex); 499 } else { 500 // We're the complete constructor, so get the VTT by name. 501 VTT = CGM.getVTables().GetAddrOfVTT(RD); 502 VTT = Builder.CreateConstInBoundsGEP2_64(VTT, 0, SubVTTIndex); 503 } 504 505 return VTT; 506 } 507 508 namespace { 509 /// Call the destructor for a direct base class. 510 struct CallBaseDtor final : EHScopeStack::Cleanup { 511 const CXXRecordDecl *BaseClass; 512 bool BaseIsVirtual; 513 CallBaseDtor(const CXXRecordDecl *Base, bool BaseIsVirtual) 514 : BaseClass(Base), BaseIsVirtual(BaseIsVirtual) {} 515 516 void Emit(CodeGenFunction &CGF, Flags flags) override { 517 const CXXRecordDecl *DerivedClass = 518 cast<CXXMethodDecl>(CGF.CurCodeDecl)->getParent(); 519 520 const CXXDestructorDecl *D = BaseClass->getDestructor(); 521 // We are already inside a destructor, so presumably the object being 522 // destroyed should have the expected type. 523 QualType ThisTy = D->getThisObjectType(); 524 Address Addr = 525 CGF.GetAddressOfDirectBaseInCompleteClass(CGF.LoadCXXThisAddress(), 526 DerivedClass, BaseClass, 527 BaseIsVirtual); 528 CGF.EmitCXXDestructorCall(D, Dtor_Base, BaseIsVirtual, 529 /*Delegating=*/false, Addr, ThisTy); 530 } 531 }; 532 533 /// A visitor which checks whether an initializer uses 'this' in a 534 /// way which requires the vtable to be properly set. 535 struct DynamicThisUseChecker : ConstEvaluatedExprVisitor<DynamicThisUseChecker> { 536 typedef ConstEvaluatedExprVisitor<DynamicThisUseChecker> super; 537 538 bool UsesThis; 539 540 DynamicThisUseChecker(const ASTContext &C) : super(C), UsesThis(false) {} 541 542 // Black-list all explicit and implicit references to 'this'. 543 // 544 // Do we need to worry about external references to 'this' derived 545 // from arbitrary code? If so, then anything which runs arbitrary 546 // external code might potentially access the vtable. 547 void VisitCXXThisExpr(const CXXThisExpr *E) { UsesThis = true; } 548 }; 549 } // end anonymous namespace 550 551 static bool BaseInitializerUsesThis(ASTContext &C, const Expr *Init) { 552 DynamicThisUseChecker Checker(C); 553 Checker.Visit(Init); 554 return Checker.UsesThis; 555 } 556 557 static void EmitBaseInitializer(CodeGenFunction &CGF, 558 const CXXRecordDecl *ClassDecl, 559 CXXCtorInitializer *BaseInit) { 560 assert(BaseInit->isBaseInitializer() && 561 "Must have base initializer!"); 562 563 Address ThisPtr = CGF.LoadCXXThisAddress(); 564 565 const Type *BaseType = BaseInit->getBaseClass(); 566 const auto *BaseClassDecl = 567 cast<CXXRecordDecl>(BaseType->castAs<RecordType>()->getDecl()); 568 569 bool isBaseVirtual = BaseInit->isBaseVirtual(); 570 571 // If the initializer for the base (other than the constructor 572 // itself) accesses 'this' in any way, we need to initialize the 573 // vtables. 574 if (BaseInitializerUsesThis(CGF.getContext(), BaseInit->getInit())) 575 CGF.InitializeVTablePointers(ClassDecl); 576 577 // We can pretend to be a complete class because it only matters for 578 // virtual bases, and we only do virtual bases for complete ctors. 579 Address V = 580 CGF.GetAddressOfDirectBaseInCompleteClass(ThisPtr, ClassDecl, 581 BaseClassDecl, 582 isBaseVirtual); 583 AggValueSlot AggSlot = 584 AggValueSlot::forAddr( 585 V, Qualifiers(), 586 AggValueSlot::IsDestructed, 587 AggValueSlot::DoesNotNeedGCBarriers, 588 AggValueSlot::IsNotAliased, 589 CGF.getOverlapForBaseInit(ClassDecl, BaseClassDecl, isBaseVirtual)); 590 591 CGF.EmitAggExpr(BaseInit->getInit(), AggSlot); 592 593 if (CGF.CGM.getLangOpts().Exceptions && 594 !BaseClassDecl->hasTrivialDestructor()) 595 CGF.EHStack.pushCleanup<CallBaseDtor>(EHCleanup, BaseClassDecl, 596 isBaseVirtual); 597 } 598 599 static bool isMemcpyEquivalentSpecialMember(const CXXMethodDecl *D) { 600 auto *CD = dyn_cast<CXXConstructorDecl>(D); 601 if (!(CD && CD->isCopyOrMoveConstructor()) && 602 !D->isCopyAssignmentOperator() && !D->isMoveAssignmentOperator()) 603 return false; 604 605 // We can emit a memcpy for a trivial copy or move constructor/assignment. 606 if (D->isTrivial() && !D->getParent()->mayInsertExtraPadding()) 607 return true; 608 609 // We *must* emit a memcpy for a defaulted union copy or move op. 610 if (D->getParent()->isUnion() && D->isDefaulted()) 611 return true; 612 613 return false; 614 } 615 616 static void EmitLValueForAnyFieldInitialization(CodeGenFunction &CGF, 617 CXXCtorInitializer *MemberInit, 618 LValue &LHS) { 619 FieldDecl *Field = MemberInit->getAnyMember(); 620 if (MemberInit->isIndirectMemberInitializer()) { 621 // If we are initializing an anonymous union field, drill down to the field. 622 IndirectFieldDecl *IndirectField = MemberInit->getIndirectMember(); 623 for (const auto *I : IndirectField->chain()) 624 LHS = CGF.EmitLValueForFieldInitialization(LHS, cast<FieldDecl>(I)); 625 } else { 626 LHS = CGF.EmitLValueForFieldInitialization(LHS, Field); 627 } 628 } 629 630 static void EmitMemberInitializer(CodeGenFunction &CGF, 631 const CXXRecordDecl *ClassDecl, 632 CXXCtorInitializer *MemberInit, 633 const CXXConstructorDecl *Constructor, 634 FunctionArgList &Args) { 635 ApplyDebugLocation Loc(CGF, MemberInit->getSourceLocation()); 636 assert(MemberInit->isAnyMemberInitializer() && 637 "Must have member initializer!"); 638 assert(MemberInit->getInit() && "Must have initializer!"); 639 640 // non-static data member initializers. 641 FieldDecl *Field = MemberInit->getAnyMember(); 642 QualType FieldType = Field->getType(); 643 644 llvm::Value *ThisPtr = CGF.LoadCXXThis(); 645 QualType RecordTy = CGF.getContext().getTypeDeclType(ClassDecl); 646 LValue LHS; 647 648 // If a base constructor is being emitted, create an LValue that has the 649 // non-virtual alignment. 650 if (CGF.CurGD.getCtorType() == Ctor_Base) 651 LHS = CGF.MakeNaturalAlignPointeeAddrLValue(ThisPtr, RecordTy); 652 else 653 LHS = CGF.MakeNaturalAlignAddrLValue(ThisPtr, RecordTy); 654 655 EmitLValueForAnyFieldInitialization(CGF, MemberInit, LHS); 656 657 // Special case: if we are in a copy or move constructor, and we are copying 658 // an array of PODs or classes with trivial copy constructors, ignore the 659 // AST and perform the copy we know is equivalent. 660 // FIXME: This is hacky at best... if we had a bit more explicit information 661 // in the AST, we could generalize it more easily. 662 const ConstantArrayType *Array 663 = CGF.getContext().getAsConstantArrayType(FieldType); 664 if (Array && Constructor->isDefaulted() && 665 Constructor->isCopyOrMoveConstructor()) { 666 QualType BaseElementTy = CGF.getContext().getBaseElementType(Array); 667 CXXConstructExpr *CE = dyn_cast<CXXConstructExpr>(MemberInit->getInit()); 668 if (BaseElementTy.isPODType(CGF.getContext()) || 669 (CE && isMemcpyEquivalentSpecialMember(CE->getConstructor()))) { 670 unsigned SrcArgIndex = 671 CGF.CGM.getCXXABI().getSrcArgforCopyCtor(Constructor, Args); 672 llvm::Value *SrcPtr 673 = CGF.Builder.CreateLoad(CGF.GetAddrOfLocalVar(Args[SrcArgIndex])); 674 LValue ThisRHSLV = CGF.MakeNaturalAlignAddrLValue(SrcPtr, RecordTy); 675 LValue Src = CGF.EmitLValueForFieldInitialization(ThisRHSLV, Field); 676 677 // Copy the aggregate. 678 CGF.EmitAggregateCopy(LHS, Src, FieldType, CGF.getOverlapForFieldInit(Field), 679 LHS.isVolatileQualified()); 680 // Ensure that we destroy the objects if an exception is thrown later in 681 // the constructor. 682 QualType::DestructionKind dtorKind = FieldType.isDestructedType(); 683 if (CGF.needsEHCleanup(dtorKind)) 684 CGF.pushEHDestroy(dtorKind, LHS.getAddress(CGF), FieldType); 685 return; 686 } 687 } 688 689 CGF.EmitInitializerForField(Field, LHS, MemberInit->getInit()); 690 } 691 692 void CodeGenFunction::EmitInitializerForField(FieldDecl *Field, LValue LHS, 693 Expr *Init) { 694 QualType FieldType = Field->getType(); 695 switch (getEvaluationKind(FieldType)) { 696 case TEK_Scalar: 697 if (LHS.isSimple()) { 698 EmitExprAsInit(Init, Field, LHS, false); 699 } else { 700 RValue RHS = RValue::get(EmitScalarExpr(Init)); 701 EmitStoreThroughLValue(RHS, LHS); 702 } 703 break; 704 case TEK_Complex: 705 EmitComplexExprIntoLValue(Init, LHS, /*isInit*/ true); 706 break; 707 case TEK_Aggregate: { 708 AggValueSlot Slot = AggValueSlot::forLValue( 709 LHS, *this, AggValueSlot::IsDestructed, 710 AggValueSlot::DoesNotNeedGCBarriers, AggValueSlot::IsNotAliased, 711 getOverlapForFieldInit(Field), AggValueSlot::IsNotZeroed, 712 // Checks are made by the code that calls constructor. 713 AggValueSlot::IsSanitizerChecked); 714 EmitAggExpr(Init, Slot); 715 break; 716 } 717 } 718 719 // Ensure that we destroy this object if an exception is thrown 720 // later in the constructor. 721 QualType::DestructionKind dtorKind = FieldType.isDestructedType(); 722 if (needsEHCleanup(dtorKind)) 723 pushEHDestroy(dtorKind, LHS.getAddress(*this), FieldType); 724 } 725 726 /// Checks whether the given constructor is a valid subject for the 727 /// complete-to-base constructor delegation optimization, i.e. 728 /// emitting the complete constructor as a simple call to the base 729 /// constructor. 730 bool CodeGenFunction::IsConstructorDelegationValid( 731 const CXXConstructorDecl *Ctor) { 732 733 // Currently we disable the optimization for classes with virtual 734 // bases because (1) the addresses of parameter variables need to be 735 // consistent across all initializers but (2) the delegate function 736 // call necessarily creates a second copy of the parameter variable. 737 // 738 // The limiting example (purely theoretical AFAIK): 739 // struct A { A(int &c) { c++; } }; 740 // struct B : virtual A { 741 // B(int count) : A(count) { printf("%d\n", count); } 742 // }; 743 // ...although even this example could in principle be emitted as a 744 // delegation since the address of the parameter doesn't escape. 745 if (Ctor->getParent()->getNumVBases()) { 746 // TODO: white-list trivial vbase initializers. This case wouldn't 747 // be subject to the restrictions below. 748 749 // TODO: white-list cases where: 750 // - there are no non-reference parameters to the constructor 751 // - the initializers don't access any non-reference parameters 752 // - the initializers don't take the address of non-reference 753 // parameters 754 // - etc. 755 // If we ever add any of the above cases, remember that: 756 // - function-try-blocks will always exclude this optimization 757 // - we need to perform the constructor prologue and cleanup in 758 // EmitConstructorBody. 759 760 return false; 761 } 762 763 // We also disable the optimization for variadic functions because 764 // it's impossible to "re-pass" varargs. 765 if (Ctor->getType()->castAs<FunctionProtoType>()->isVariadic()) 766 return false; 767 768 // FIXME: Decide if we can do a delegation of a delegating constructor. 769 if (Ctor->isDelegatingConstructor()) 770 return false; 771 772 return true; 773 } 774 775 // Emit code in ctor (Prologue==true) or dtor (Prologue==false) 776 // to poison the extra field paddings inserted under 777 // -fsanitize-address-field-padding=1|2. 778 void CodeGenFunction::EmitAsanPrologueOrEpilogue(bool Prologue) { 779 ASTContext &Context = getContext(); 780 const CXXRecordDecl *ClassDecl = 781 Prologue ? cast<CXXConstructorDecl>(CurGD.getDecl())->getParent() 782 : cast<CXXDestructorDecl>(CurGD.getDecl())->getParent(); 783 if (!ClassDecl->mayInsertExtraPadding()) return; 784 785 struct SizeAndOffset { 786 uint64_t Size; 787 uint64_t Offset; 788 }; 789 790 unsigned PtrSize = CGM.getDataLayout().getPointerSizeInBits(); 791 const ASTRecordLayout &Info = Context.getASTRecordLayout(ClassDecl); 792 793 // Populate sizes and offsets of fields. 794 SmallVector<SizeAndOffset, 16> SSV(Info.getFieldCount()); 795 for (unsigned i = 0, e = Info.getFieldCount(); i != e; ++i) 796 SSV[i].Offset = 797 Context.toCharUnitsFromBits(Info.getFieldOffset(i)).getQuantity(); 798 799 size_t NumFields = 0; 800 for (const auto *Field : ClassDecl->fields()) { 801 const FieldDecl *D = Field; 802 auto FieldInfo = Context.getTypeInfoInChars(D->getType()); 803 CharUnits FieldSize = FieldInfo.Width; 804 assert(NumFields < SSV.size()); 805 SSV[NumFields].Size = D->isBitField() ? 0 : FieldSize.getQuantity(); 806 NumFields++; 807 } 808 assert(NumFields == SSV.size()); 809 if (SSV.size() <= 1) return; 810 811 // We will insert calls to __asan_* run-time functions. 812 // LLVM AddressSanitizer pass may decide to inline them later. 813 llvm::Type *Args[2] = {IntPtrTy, IntPtrTy}; 814 llvm::FunctionType *FTy = 815 llvm::FunctionType::get(CGM.VoidTy, Args, false); 816 llvm::FunctionCallee F = CGM.CreateRuntimeFunction( 817 FTy, Prologue ? "__asan_poison_intra_object_redzone" 818 : "__asan_unpoison_intra_object_redzone"); 819 820 llvm::Value *ThisPtr = LoadCXXThis(); 821 ThisPtr = Builder.CreatePtrToInt(ThisPtr, IntPtrTy); 822 uint64_t TypeSize = Info.getNonVirtualSize().getQuantity(); 823 // For each field check if it has sufficient padding, 824 // if so (un)poison it with a call. 825 for (size_t i = 0; i < SSV.size(); i++) { 826 uint64_t AsanAlignment = 8; 827 uint64_t NextField = i == SSV.size() - 1 ? TypeSize : SSV[i + 1].Offset; 828 uint64_t PoisonSize = NextField - SSV[i].Offset - SSV[i].Size; 829 uint64_t EndOffset = SSV[i].Offset + SSV[i].Size; 830 if (PoisonSize < AsanAlignment || !SSV[i].Size || 831 (NextField % AsanAlignment) != 0) 832 continue; 833 Builder.CreateCall( 834 F, {Builder.CreateAdd(ThisPtr, Builder.getIntN(PtrSize, EndOffset)), 835 Builder.getIntN(PtrSize, PoisonSize)}); 836 } 837 } 838 839 /// EmitConstructorBody - Emits the body of the current constructor. 840 void CodeGenFunction::EmitConstructorBody(FunctionArgList &Args) { 841 EmitAsanPrologueOrEpilogue(true); 842 const CXXConstructorDecl *Ctor = cast<CXXConstructorDecl>(CurGD.getDecl()); 843 CXXCtorType CtorType = CurGD.getCtorType(); 844 845 assert((CGM.getTarget().getCXXABI().hasConstructorVariants() || 846 CtorType == Ctor_Complete) && 847 "can only generate complete ctor for this ABI"); 848 849 // Before we go any further, try the complete->base constructor 850 // delegation optimization. 851 if (CtorType == Ctor_Complete && IsConstructorDelegationValid(Ctor) && 852 CGM.getTarget().getCXXABI().hasConstructorVariants()) { 853 EmitDelegateCXXConstructorCall(Ctor, Ctor_Base, Args, Ctor->getEndLoc()); 854 return; 855 } 856 857 const FunctionDecl *Definition = nullptr; 858 Stmt *Body = Ctor->getBody(Definition); 859 assert(Definition == Ctor && "emitting wrong constructor body"); 860 861 // Enter the function-try-block before the constructor prologue if 862 // applicable. 863 bool IsTryBody = (Body && isa<CXXTryStmt>(Body)); 864 if (IsTryBody) 865 EnterCXXTryStmt(*cast<CXXTryStmt>(Body), true); 866 867 incrementProfileCounter(Body); 868 869 RunCleanupsScope RunCleanups(*this); 870 871 // TODO: in restricted cases, we can emit the vbase initializers of 872 // a complete ctor and then delegate to the base ctor. 873 874 // Emit the constructor prologue, i.e. the base and member 875 // initializers. 876 EmitCtorPrologue(Ctor, CtorType, Args); 877 878 // Emit the body of the statement. 879 if (IsTryBody) 880 EmitStmt(cast<CXXTryStmt>(Body)->getTryBlock()); 881 else if (Body) 882 EmitStmt(Body); 883 884 // Emit any cleanup blocks associated with the member or base 885 // initializers, which includes (along the exceptional path) the 886 // destructors for those members and bases that were fully 887 // constructed. 888 RunCleanups.ForceCleanup(); 889 890 if (IsTryBody) 891 ExitCXXTryStmt(*cast<CXXTryStmt>(Body), true); 892 } 893 894 namespace { 895 /// RAII object to indicate that codegen is copying the value representation 896 /// instead of the object representation. Useful when copying a struct or 897 /// class which has uninitialized members and we're only performing 898 /// lvalue-to-rvalue conversion on the object but not its members. 899 class CopyingValueRepresentation { 900 public: 901 explicit CopyingValueRepresentation(CodeGenFunction &CGF) 902 : CGF(CGF), OldSanOpts(CGF.SanOpts) { 903 CGF.SanOpts.set(SanitizerKind::Bool, false); 904 CGF.SanOpts.set(SanitizerKind::Enum, false); 905 } 906 ~CopyingValueRepresentation() { 907 CGF.SanOpts = OldSanOpts; 908 } 909 private: 910 CodeGenFunction &CGF; 911 SanitizerSet OldSanOpts; 912 }; 913 } // end anonymous namespace 914 915 namespace { 916 class FieldMemcpyizer { 917 public: 918 FieldMemcpyizer(CodeGenFunction &CGF, const CXXRecordDecl *ClassDecl, 919 const VarDecl *SrcRec) 920 : CGF(CGF), ClassDecl(ClassDecl), SrcRec(SrcRec), 921 RecLayout(CGF.getContext().getASTRecordLayout(ClassDecl)), 922 FirstField(nullptr), LastField(nullptr), FirstFieldOffset(0), 923 LastFieldOffset(0), LastAddedFieldIndex(0) {} 924 925 bool isMemcpyableField(FieldDecl *F) const { 926 // Never memcpy fields when we are adding poisoned paddings. 927 if (CGF.getContext().getLangOpts().SanitizeAddressFieldPadding) 928 return false; 929 Qualifiers Qual = F->getType().getQualifiers(); 930 if (Qual.hasVolatile() || Qual.hasObjCLifetime()) 931 return false; 932 return true; 933 } 934 935 void addMemcpyableField(FieldDecl *F) { 936 if (F->isZeroSize(CGF.getContext())) 937 return; 938 if (!FirstField) 939 addInitialField(F); 940 else 941 addNextField(F); 942 } 943 944 CharUnits getMemcpySize(uint64_t FirstByteOffset) const { 945 ASTContext &Ctx = CGF.getContext(); 946 unsigned LastFieldSize = 947 LastField->isBitField() 948 ? LastField->getBitWidthValue(Ctx) 949 : Ctx.toBits( 950 Ctx.getTypeInfoDataSizeInChars(LastField->getType()).Width); 951 uint64_t MemcpySizeBits = LastFieldOffset + LastFieldSize - 952 FirstByteOffset + Ctx.getCharWidth() - 1; 953 CharUnits MemcpySize = Ctx.toCharUnitsFromBits(MemcpySizeBits); 954 return MemcpySize; 955 } 956 957 void emitMemcpy() { 958 // Give the subclass a chance to bail out if it feels the memcpy isn't 959 // worth it (e.g. Hasn't aggregated enough data). 960 if (!FirstField) { 961 return; 962 } 963 964 uint64_t FirstByteOffset; 965 if (FirstField->isBitField()) { 966 const CGRecordLayout &RL = 967 CGF.getTypes().getCGRecordLayout(FirstField->getParent()); 968 const CGBitFieldInfo &BFInfo = RL.getBitFieldInfo(FirstField); 969 // FirstFieldOffset is not appropriate for bitfields, 970 // we need to use the storage offset instead. 971 FirstByteOffset = CGF.getContext().toBits(BFInfo.StorageOffset); 972 } else { 973 FirstByteOffset = FirstFieldOffset; 974 } 975 976 CharUnits MemcpySize = getMemcpySize(FirstByteOffset); 977 QualType RecordTy = CGF.getContext().getTypeDeclType(ClassDecl); 978 Address ThisPtr = CGF.LoadCXXThisAddress(); 979 LValue DestLV = CGF.MakeAddrLValue(ThisPtr, RecordTy); 980 LValue Dest = CGF.EmitLValueForFieldInitialization(DestLV, FirstField); 981 llvm::Value *SrcPtr = CGF.Builder.CreateLoad(CGF.GetAddrOfLocalVar(SrcRec)); 982 LValue SrcLV = CGF.MakeNaturalAlignAddrLValue(SrcPtr, RecordTy); 983 LValue Src = CGF.EmitLValueForFieldInitialization(SrcLV, FirstField); 984 985 emitMemcpyIR( 986 Dest.isBitField() ? Dest.getBitFieldAddress() : Dest.getAddress(CGF), 987 Src.isBitField() ? Src.getBitFieldAddress() : Src.getAddress(CGF), 988 MemcpySize); 989 reset(); 990 } 991 992 void reset() { 993 FirstField = nullptr; 994 } 995 996 protected: 997 CodeGenFunction &CGF; 998 const CXXRecordDecl *ClassDecl; 999 1000 private: 1001 void emitMemcpyIR(Address DestPtr, Address SrcPtr, CharUnits Size) { 1002 llvm::PointerType *DPT = DestPtr.getType(); 1003 llvm::Type *DBP = 1004 llvm::Type::getInt8PtrTy(CGF.getLLVMContext(), DPT->getAddressSpace()); 1005 DestPtr = CGF.Builder.CreateBitCast(DestPtr, DBP); 1006 1007 llvm::PointerType *SPT = SrcPtr.getType(); 1008 llvm::Type *SBP = 1009 llvm::Type::getInt8PtrTy(CGF.getLLVMContext(), SPT->getAddressSpace()); 1010 SrcPtr = CGF.Builder.CreateBitCast(SrcPtr, SBP); 1011 1012 CGF.Builder.CreateMemCpy(DestPtr, SrcPtr, Size.getQuantity()); 1013 } 1014 1015 void addInitialField(FieldDecl *F) { 1016 FirstField = F; 1017 LastField = F; 1018 FirstFieldOffset = RecLayout.getFieldOffset(F->getFieldIndex()); 1019 LastFieldOffset = FirstFieldOffset; 1020 LastAddedFieldIndex = F->getFieldIndex(); 1021 } 1022 1023 void addNextField(FieldDecl *F) { 1024 // For the most part, the following invariant will hold: 1025 // F->getFieldIndex() == LastAddedFieldIndex + 1 1026 // The one exception is that Sema won't add a copy-initializer for an 1027 // unnamed bitfield, which will show up here as a gap in the sequence. 1028 assert(F->getFieldIndex() >= LastAddedFieldIndex + 1 && 1029 "Cannot aggregate fields out of order."); 1030 LastAddedFieldIndex = F->getFieldIndex(); 1031 1032 // The 'first' and 'last' fields are chosen by offset, rather than field 1033 // index. This allows the code to support bitfields, as well as regular 1034 // fields. 1035 uint64_t FOffset = RecLayout.getFieldOffset(F->getFieldIndex()); 1036 if (FOffset < FirstFieldOffset) { 1037 FirstField = F; 1038 FirstFieldOffset = FOffset; 1039 } else if (FOffset >= LastFieldOffset) { 1040 LastField = F; 1041 LastFieldOffset = FOffset; 1042 } 1043 } 1044 1045 const VarDecl *SrcRec; 1046 const ASTRecordLayout &RecLayout; 1047 FieldDecl *FirstField; 1048 FieldDecl *LastField; 1049 uint64_t FirstFieldOffset, LastFieldOffset; 1050 unsigned LastAddedFieldIndex; 1051 }; 1052 1053 class ConstructorMemcpyizer : public FieldMemcpyizer { 1054 private: 1055 /// Get source argument for copy constructor. Returns null if not a copy 1056 /// constructor. 1057 static const VarDecl *getTrivialCopySource(CodeGenFunction &CGF, 1058 const CXXConstructorDecl *CD, 1059 FunctionArgList &Args) { 1060 if (CD->isCopyOrMoveConstructor() && CD->isDefaulted()) 1061 return Args[CGF.CGM.getCXXABI().getSrcArgforCopyCtor(CD, Args)]; 1062 return nullptr; 1063 } 1064 1065 // Returns true if a CXXCtorInitializer represents a member initialization 1066 // that can be rolled into a memcpy. 1067 bool isMemberInitMemcpyable(CXXCtorInitializer *MemberInit) const { 1068 if (!MemcpyableCtor) 1069 return false; 1070 FieldDecl *Field = MemberInit->getMember(); 1071 assert(Field && "No field for member init."); 1072 QualType FieldType = Field->getType(); 1073 CXXConstructExpr *CE = dyn_cast<CXXConstructExpr>(MemberInit->getInit()); 1074 1075 // Bail out on non-memcpyable, not-trivially-copyable members. 1076 if (!(CE && isMemcpyEquivalentSpecialMember(CE->getConstructor())) && 1077 !(FieldType.isTriviallyCopyableType(CGF.getContext()) || 1078 FieldType->isReferenceType())) 1079 return false; 1080 1081 // Bail out on volatile fields. 1082 if (!isMemcpyableField(Field)) 1083 return false; 1084 1085 // Otherwise we're good. 1086 return true; 1087 } 1088 1089 public: 1090 ConstructorMemcpyizer(CodeGenFunction &CGF, const CXXConstructorDecl *CD, 1091 FunctionArgList &Args) 1092 : FieldMemcpyizer(CGF, CD->getParent(), getTrivialCopySource(CGF, CD, Args)), 1093 ConstructorDecl(CD), 1094 MemcpyableCtor(CD->isDefaulted() && 1095 CD->isCopyOrMoveConstructor() && 1096 CGF.getLangOpts().getGC() == LangOptions::NonGC), 1097 Args(Args) { } 1098 1099 void addMemberInitializer(CXXCtorInitializer *MemberInit) { 1100 if (isMemberInitMemcpyable(MemberInit)) { 1101 AggregatedInits.push_back(MemberInit); 1102 addMemcpyableField(MemberInit->getMember()); 1103 } else { 1104 emitAggregatedInits(); 1105 EmitMemberInitializer(CGF, ConstructorDecl->getParent(), MemberInit, 1106 ConstructorDecl, Args); 1107 } 1108 } 1109 1110 void emitAggregatedInits() { 1111 if (AggregatedInits.size() <= 1) { 1112 // This memcpy is too small to be worthwhile. Fall back on default 1113 // codegen. 1114 if (!AggregatedInits.empty()) { 1115 CopyingValueRepresentation CVR(CGF); 1116 EmitMemberInitializer(CGF, ConstructorDecl->getParent(), 1117 AggregatedInits[0], ConstructorDecl, Args); 1118 AggregatedInits.clear(); 1119 } 1120 reset(); 1121 return; 1122 } 1123 1124 pushEHDestructors(); 1125 emitMemcpy(); 1126 AggregatedInits.clear(); 1127 } 1128 1129 void pushEHDestructors() { 1130 Address ThisPtr = CGF.LoadCXXThisAddress(); 1131 QualType RecordTy = CGF.getContext().getTypeDeclType(ClassDecl); 1132 LValue LHS = CGF.MakeAddrLValue(ThisPtr, RecordTy); 1133 1134 for (unsigned i = 0; i < AggregatedInits.size(); ++i) { 1135 CXXCtorInitializer *MemberInit = AggregatedInits[i]; 1136 QualType FieldType = MemberInit->getAnyMember()->getType(); 1137 QualType::DestructionKind dtorKind = FieldType.isDestructedType(); 1138 if (!CGF.needsEHCleanup(dtorKind)) 1139 continue; 1140 LValue FieldLHS = LHS; 1141 EmitLValueForAnyFieldInitialization(CGF, MemberInit, FieldLHS); 1142 CGF.pushEHDestroy(dtorKind, FieldLHS.getAddress(CGF), FieldType); 1143 } 1144 } 1145 1146 void finish() { 1147 emitAggregatedInits(); 1148 } 1149 1150 private: 1151 const CXXConstructorDecl *ConstructorDecl; 1152 bool MemcpyableCtor; 1153 FunctionArgList &Args; 1154 SmallVector<CXXCtorInitializer*, 16> AggregatedInits; 1155 }; 1156 1157 class AssignmentMemcpyizer : public FieldMemcpyizer { 1158 private: 1159 // Returns the memcpyable field copied by the given statement, if one 1160 // exists. Otherwise returns null. 1161 FieldDecl *getMemcpyableField(Stmt *S) { 1162 if (!AssignmentsMemcpyable) 1163 return nullptr; 1164 if (BinaryOperator *BO = dyn_cast<BinaryOperator>(S)) { 1165 // Recognise trivial assignments. 1166 if (BO->getOpcode() != BO_Assign) 1167 return nullptr; 1168 MemberExpr *ME = dyn_cast<MemberExpr>(BO->getLHS()); 1169 if (!ME) 1170 return nullptr; 1171 FieldDecl *Field = dyn_cast<FieldDecl>(ME->getMemberDecl()); 1172 if (!Field || !isMemcpyableField(Field)) 1173 return nullptr; 1174 Stmt *RHS = BO->getRHS(); 1175 if (ImplicitCastExpr *EC = dyn_cast<ImplicitCastExpr>(RHS)) 1176 RHS = EC->getSubExpr(); 1177 if (!RHS) 1178 return nullptr; 1179 if (MemberExpr *ME2 = dyn_cast<MemberExpr>(RHS)) { 1180 if (ME2->getMemberDecl() == Field) 1181 return Field; 1182 } 1183 return nullptr; 1184 } else if (CXXMemberCallExpr *MCE = dyn_cast<CXXMemberCallExpr>(S)) { 1185 CXXMethodDecl *MD = dyn_cast<CXXMethodDecl>(MCE->getCalleeDecl()); 1186 if (!(MD && isMemcpyEquivalentSpecialMember(MD))) 1187 return nullptr; 1188 MemberExpr *IOA = dyn_cast<MemberExpr>(MCE->getImplicitObjectArgument()); 1189 if (!IOA) 1190 return nullptr; 1191 FieldDecl *Field = dyn_cast<FieldDecl>(IOA->getMemberDecl()); 1192 if (!Field || !isMemcpyableField(Field)) 1193 return nullptr; 1194 MemberExpr *Arg0 = dyn_cast<MemberExpr>(MCE->getArg(0)); 1195 if (!Arg0 || Field != dyn_cast<FieldDecl>(Arg0->getMemberDecl())) 1196 return nullptr; 1197 return Field; 1198 } else if (CallExpr *CE = dyn_cast<CallExpr>(S)) { 1199 FunctionDecl *FD = dyn_cast<FunctionDecl>(CE->getCalleeDecl()); 1200 if (!FD || FD->getBuiltinID() != Builtin::BI__builtin_memcpy) 1201 return nullptr; 1202 Expr *DstPtr = CE->getArg(0); 1203 if (ImplicitCastExpr *DC = dyn_cast<ImplicitCastExpr>(DstPtr)) 1204 DstPtr = DC->getSubExpr(); 1205 UnaryOperator *DUO = dyn_cast<UnaryOperator>(DstPtr); 1206 if (!DUO || DUO->getOpcode() != UO_AddrOf) 1207 return nullptr; 1208 MemberExpr *ME = dyn_cast<MemberExpr>(DUO->getSubExpr()); 1209 if (!ME) 1210 return nullptr; 1211 FieldDecl *Field = dyn_cast<FieldDecl>(ME->getMemberDecl()); 1212 if (!Field || !isMemcpyableField(Field)) 1213 return nullptr; 1214 Expr *SrcPtr = CE->getArg(1); 1215 if (ImplicitCastExpr *SC = dyn_cast<ImplicitCastExpr>(SrcPtr)) 1216 SrcPtr = SC->getSubExpr(); 1217 UnaryOperator *SUO = dyn_cast<UnaryOperator>(SrcPtr); 1218 if (!SUO || SUO->getOpcode() != UO_AddrOf) 1219 return nullptr; 1220 MemberExpr *ME2 = dyn_cast<MemberExpr>(SUO->getSubExpr()); 1221 if (!ME2 || Field != dyn_cast<FieldDecl>(ME2->getMemberDecl())) 1222 return nullptr; 1223 return Field; 1224 } 1225 1226 return nullptr; 1227 } 1228 1229 bool AssignmentsMemcpyable; 1230 SmallVector<Stmt*, 16> AggregatedStmts; 1231 1232 public: 1233 AssignmentMemcpyizer(CodeGenFunction &CGF, const CXXMethodDecl *AD, 1234 FunctionArgList &Args) 1235 : FieldMemcpyizer(CGF, AD->getParent(), Args[Args.size() - 1]), 1236 AssignmentsMemcpyable(CGF.getLangOpts().getGC() == LangOptions::NonGC) { 1237 assert(Args.size() == 2); 1238 } 1239 1240 void emitAssignment(Stmt *S) { 1241 FieldDecl *F = getMemcpyableField(S); 1242 if (F) { 1243 addMemcpyableField(F); 1244 AggregatedStmts.push_back(S); 1245 } else { 1246 emitAggregatedStmts(); 1247 CGF.EmitStmt(S); 1248 } 1249 } 1250 1251 void emitAggregatedStmts() { 1252 if (AggregatedStmts.size() <= 1) { 1253 if (!AggregatedStmts.empty()) { 1254 CopyingValueRepresentation CVR(CGF); 1255 CGF.EmitStmt(AggregatedStmts[0]); 1256 } 1257 reset(); 1258 } 1259 1260 emitMemcpy(); 1261 AggregatedStmts.clear(); 1262 } 1263 1264 void finish() { 1265 emitAggregatedStmts(); 1266 } 1267 }; 1268 } // end anonymous namespace 1269 1270 static bool isInitializerOfDynamicClass(const CXXCtorInitializer *BaseInit) { 1271 const Type *BaseType = BaseInit->getBaseClass(); 1272 const auto *BaseClassDecl = 1273 cast<CXXRecordDecl>(BaseType->castAs<RecordType>()->getDecl()); 1274 return BaseClassDecl->isDynamicClass(); 1275 } 1276 1277 /// EmitCtorPrologue - This routine generates necessary code to initialize 1278 /// base classes and non-static data members belonging to this constructor. 1279 void CodeGenFunction::EmitCtorPrologue(const CXXConstructorDecl *CD, 1280 CXXCtorType CtorType, 1281 FunctionArgList &Args) { 1282 if (CD->isDelegatingConstructor()) 1283 return EmitDelegatingCXXConstructorCall(CD, Args); 1284 1285 const CXXRecordDecl *ClassDecl = CD->getParent(); 1286 1287 CXXConstructorDecl::init_const_iterator B = CD->init_begin(), 1288 E = CD->init_end(); 1289 1290 // Virtual base initializers first, if any. They aren't needed if: 1291 // - This is a base ctor variant 1292 // - There are no vbases 1293 // - The class is abstract, so a complete object of it cannot be constructed 1294 // 1295 // The check for an abstract class is necessary because sema may not have 1296 // marked virtual base destructors referenced. 1297 bool ConstructVBases = CtorType != Ctor_Base && 1298 ClassDecl->getNumVBases() != 0 && 1299 !ClassDecl->isAbstract(); 1300 1301 // In the Microsoft C++ ABI, there are no constructor variants. Instead, the 1302 // constructor of a class with virtual bases takes an additional parameter to 1303 // conditionally construct the virtual bases. Emit that check here. 1304 llvm::BasicBlock *BaseCtorContinueBB = nullptr; 1305 if (ConstructVBases && 1306 !CGM.getTarget().getCXXABI().hasConstructorVariants()) { 1307 BaseCtorContinueBB = 1308 CGM.getCXXABI().EmitCtorCompleteObjectHandler(*this, ClassDecl); 1309 assert(BaseCtorContinueBB); 1310 } 1311 1312 llvm::Value *const OldThis = CXXThisValue; 1313 for (; B != E && (*B)->isBaseInitializer() && (*B)->isBaseVirtual(); B++) { 1314 if (!ConstructVBases) 1315 continue; 1316 if (CGM.getCodeGenOpts().StrictVTablePointers && 1317 CGM.getCodeGenOpts().OptimizationLevel > 0 && 1318 isInitializerOfDynamicClass(*B)) 1319 CXXThisValue = Builder.CreateLaunderInvariantGroup(LoadCXXThis()); 1320 EmitBaseInitializer(*this, ClassDecl, *B); 1321 } 1322 1323 if (BaseCtorContinueBB) { 1324 // Complete object handler should continue to the remaining initializers. 1325 Builder.CreateBr(BaseCtorContinueBB); 1326 EmitBlock(BaseCtorContinueBB); 1327 } 1328 1329 // Then, non-virtual base initializers. 1330 for (; B != E && (*B)->isBaseInitializer(); B++) { 1331 assert(!(*B)->isBaseVirtual()); 1332 1333 if (CGM.getCodeGenOpts().StrictVTablePointers && 1334 CGM.getCodeGenOpts().OptimizationLevel > 0 && 1335 isInitializerOfDynamicClass(*B)) 1336 CXXThisValue = Builder.CreateLaunderInvariantGroup(LoadCXXThis()); 1337 EmitBaseInitializer(*this, ClassDecl, *B); 1338 } 1339 1340 CXXThisValue = OldThis; 1341 1342 InitializeVTablePointers(ClassDecl); 1343 1344 // And finally, initialize class members. 1345 FieldConstructionScope FCS(*this, LoadCXXThisAddress()); 1346 ConstructorMemcpyizer CM(*this, CD, Args); 1347 for (; B != E; B++) { 1348 CXXCtorInitializer *Member = (*B); 1349 assert(!Member->isBaseInitializer()); 1350 assert(Member->isAnyMemberInitializer() && 1351 "Delegating initializer on non-delegating constructor"); 1352 CM.addMemberInitializer(Member); 1353 } 1354 CM.finish(); 1355 } 1356 1357 static bool 1358 FieldHasTrivialDestructorBody(ASTContext &Context, const FieldDecl *Field); 1359 1360 static bool 1361 HasTrivialDestructorBody(ASTContext &Context, 1362 const CXXRecordDecl *BaseClassDecl, 1363 const CXXRecordDecl *MostDerivedClassDecl) 1364 { 1365 // If the destructor is trivial we don't have to check anything else. 1366 if (BaseClassDecl->hasTrivialDestructor()) 1367 return true; 1368 1369 if (!BaseClassDecl->getDestructor()->hasTrivialBody()) 1370 return false; 1371 1372 // Check fields. 1373 for (const auto *Field : BaseClassDecl->fields()) 1374 if (!FieldHasTrivialDestructorBody(Context, Field)) 1375 return false; 1376 1377 // Check non-virtual bases. 1378 for (const auto &I : BaseClassDecl->bases()) { 1379 if (I.isVirtual()) 1380 continue; 1381 1382 const CXXRecordDecl *NonVirtualBase = 1383 cast<CXXRecordDecl>(I.getType()->castAs<RecordType>()->getDecl()); 1384 if (!HasTrivialDestructorBody(Context, NonVirtualBase, 1385 MostDerivedClassDecl)) 1386 return false; 1387 } 1388 1389 if (BaseClassDecl == MostDerivedClassDecl) { 1390 // Check virtual bases. 1391 for (const auto &I : BaseClassDecl->vbases()) { 1392 const CXXRecordDecl *VirtualBase = 1393 cast<CXXRecordDecl>(I.getType()->castAs<RecordType>()->getDecl()); 1394 if (!HasTrivialDestructorBody(Context, VirtualBase, 1395 MostDerivedClassDecl)) 1396 return false; 1397 } 1398 } 1399 1400 return true; 1401 } 1402 1403 static bool 1404 FieldHasTrivialDestructorBody(ASTContext &Context, 1405 const FieldDecl *Field) 1406 { 1407 QualType FieldBaseElementType = Context.getBaseElementType(Field->getType()); 1408 1409 const RecordType *RT = FieldBaseElementType->getAs<RecordType>(); 1410 if (!RT) 1411 return true; 1412 1413 CXXRecordDecl *FieldClassDecl = cast<CXXRecordDecl>(RT->getDecl()); 1414 1415 // The destructor for an implicit anonymous union member is never invoked. 1416 if (FieldClassDecl->isUnion() && FieldClassDecl->isAnonymousStructOrUnion()) 1417 return false; 1418 1419 return HasTrivialDestructorBody(Context, FieldClassDecl, FieldClassDecl); 1420 } 1421 1422 /// CanSkipVTablePointerInitialization - Check whether we need to initialize 1423 /// any vtable pointers before calling this destructor. 1424 static bool CanSkipVTablePointerInitialization(CodeGenFunction &CGF, 1425 const CXXDestructorDecl *Dtor) { 1426 const CXXRecordDecl *ClassDecl = Dtor->getParent(); 1427 if (!ClassDecl->isDynamicClass()) 1428 return true; 1429 1430 if (!Dtor->hasTrivialBody()) 1431 return false; 1432 1433 // Check the fields. 1434 for (const auto *Field : ClassDecl->fields()) 1435 if (!FieldHasTrivialDestructorBody(CGF.getContext(), Field)) 1436 return false; 1437 1438 return true; 1439 } 1440 1441 /// EmitDestructorBody - Emits the body of the current destructor. 1442 void CodeGenFunction::EmitDestructorBody(FunctionArgList &Args) { 1443 const CXXDestructorDecl *Dtor = cast<CXXDestructorDecl>(CurGD.getDecl()); 1444 CXXDtorType DtorType = CurGD.getDtorType(); 1445 1446 // For an abstract class, non-base destructors are never used (and can't 1447 // be emitted in general, because vbase dtors may not have been validated 1448 // by Sema), but the Itanium ABI doesn't make them optional and Clang may 1449 // in fact emit references to them from other compilations, so emit them 1450 // as functions containing a trap instruction. 1451 if (DtorType != Dtor_Base && Dtor->getParent()->isAbstract()) { 1452 llvm::CallInst *TrapCall = EmitTrapCall(llvm::Intrinsic::trap); 1453 TrapCall->setDoesNotReturn(); 1454 TrapCall->setDoesNotThrow(); 1455 Builder.CreateUnreachable(); 1456 Builder.ClearInsertionPoint(); 1457 return; 1458 } 1459 1460 Stmt *Body = Dtor->getBody(); 1461 if (Body) 1462 incrementProfileCounter(Body); 1463 1464 // The call to operator delete in a deleting destructor happens 1465 // outside of the function-try-block, which means it's always 1466 // possible to delegate the destructor body to the complete 1467 // destructor. Do so. 1468 if (DtorType == Dtor_Deleting) { 1469 RunCleanupsScope DtorEpilogue(*this); 1470 EnterDtorCleanups(Dtor, Dtor_Deleting); 1471 if (HaveInsertPoint()) { 1472 QualType ThisTy = Dtor->getThisObjectType(); 1473 EmitCXXDestructorCall(Dtor, Dtor_Complete, /*ForVirtualBase=*/false, 1474 /*Delegating=*/false, LoadCXXThisAddress(), ThisTy); 1475 } 1476 return; 1477 } 1478 1479 // If the body is a function-try-block, enter the try before 1480 // anything else. 1481 bool isTryBody = (Body && isa<CXXTryStmt>(Body)); 1482 if (isTryBody) 1483 EnterCXXTryStmt(*cast<CXXTryStmt>(Body), true); 1484 EmitAsanPrologueOrEpilogue(false); 1485 1486 // Enter the epilogue cleanups. 1487 RunCleanupsScope DtorEpilogue(*this); 1488 1489 // If this is the complete variant, just invoke the base variant; 1490 // the epilogue will destruct the virtual bases. But we can't do 1491 // this optimization if the body is a function-try-block, because 1492 // we'd introduce *two* handler blocks. In the Microsoft ABI, we 1493 // always delegate because we might not have a definition in this TU. 1494 switch (DtorType) { 1495 case Dtor_Comdat: llvm_unreachable("not expecting a COMDAT"); 1496 case Dtor_Deleting: llvm_unreachable("already handled deleting case"); 1497 1498 case Dtor_Complete: 1499 assert((Body || getTarget().getCXXABI().isMicrosoft()) && 1500 "can't emit a dtor without a body for non-Microsoft ABIs"); 1501 1502 // Enter the cleanup scopes for virtual bases. 1503 EnterDtorCleanups(Dtor, Dtor_Complete); 1504 1505 if (!isTryBody) { 1506 QualType ThisTy = Dtor->getThisObjectType(); 1507 EmitCXXDestructorCall(Dtor, Dtor_Base, /*ForVirtualBase=*/false, 1508 /*Delegating=*/false, LoadCXXThisAddress(), ThisTy); 1509 break; 1510 } 1511 1512 // Fallthrough: act like we're in the base variant. 1513 LLVM_FALLTHROUGH; 1514 1515 case Dtor_Base: 1516 assert(Body); 1517 1518 // Enter the cleanup scopes for fields and non-virtual bases. 1519 EnterDtorCleanups(Dtor, Dtor_Base); 1520 1521 // Initialize the vtable pointers before entering the body. 1522 if (!CanSkipVTablePointerInitialization(*this, Dtor)) { 1523 // Insert the llvm.launder.invariant.group intrinsic before initializing 1524 // the vptrs to cancel any previous assumptions we might have made. 1525 if (CGM.getCodeGenOpts().StrictVTablePointers && 1526 CGM.getCodeGenOpts().OptimizationLevel > 0) 1527 CXXThisValue = Builder.CreateLaunderInvariantGroup(LoadCXXThis()); 1528 InitializeVTablePointers(Dtor->getParent()); 1529 } 1530 1531 if (isTryBody) 1532 EmitStmt(cast<CXXTryStmt>(Body)->getTryBlock()); 1533 else if (Body) 1534 EmitStmt(Body); 1535 else { 1536 assert(Dtor->isImplicit() && "bodyless dtor not implicit"); 1537 // nothing to do besides what's in the epilogue 1538 } 1539 // -fapple-kext must inline any call to this dtor into 1540 // the caller's body. 1541 if (getLangOpts().AppleKext) 1542 CurFn->addFnAttr(llvm::Attribute::AlwaysInline); 1543 1544 break; 1545 } 1546 1547 // Jump out through the epilogue cleanups. 1548 DtorEpilogue.ForceCleanup(); 1549 1550 // Exit the try if applicable. 1551 if (isTryBody) 1552 ExitCXXTryStmt(*cast<CXXTryStmt>(Body), true); 1553 } 1554 1555 void CodeGenFunction::emitImplicitAssignmentOperatorBody(FunctionArgList &Args) { 1556 const CXXMethodDecl *AssignOp = cast<CXXMethodDecl>(CurGD.getDecl()); 1557 const Stmt *RootS = AssignOp->getBody(); 1558 assert(isa<CompoundStmt>(RootS) && 1559 "Body of an implicit assignment operator should be compound stmt."); 1560 const CompoundStmt *RootCS = cast<CompoundStmt>(RootS); 1561 1562 LexicalScope Scope(*this, RootCS->getSourceRange()); 1563 1564 incrementProfileCounter(RootCS); 1565 AssignmentMemcpyizer AM(*this, AssignOp, Args); 1566 for (auto *I : RootCS->body()) 1567 AM.emitAssignment(I); 1568 AM.finish(); 1569 } 1570 1571 namespace { 1572 llvm::Value *LoadThisForDtorDelete(CodeGenFunction &CGF, 1573 const CXXDestructorDecl *DD) { 1574 if (Expr *ThisArg = DD->getOperatorDeleteThisArg()) 1575 return CGF.EmitScalarExpr(ThisArg); 1576 return CGF.LoadCXXThis(); 1577 } 1578 1579 /// Call the operator delete associated with the current destructor. 1580 struct CallDtorDelete final : EHScopeStack::Cleanup { 1581 CallDtorDelete() {} 1582 1583 void Emit(CodeGenFunction &CGF, Flags flags) override { 1584 const CXXDestructorDecl *Dtor = cast<CXXDestructorDecl>(CGF.CurCodeDecl); 1585 const CXXRecordDecl *ClassDecl = Dtor->getParent(); 1586 CGF.EmitDeleteCall(Dtor->getOperatorDelete(), 1587 LoadThisForDtorDelete(CGF, Dtor), 1588 CGF.getContext().getTagDeclType(ClassDecl)); 1589 } 1590 }; 1591 1592 void EmitConditionalDtorDeleteCall(CodeGenFunction &CGF, 1593 llvm::Value *ShouldDeleteCondition, 1594 bool ReturnAfterDelete) { 1595 llvm::BasicBlock *callDeleteBB = CGF.createBasicBlock("dtor.call_delete"); 1596 llvm::BasicBlock *continueBB = CGF.createBasicBlock("dtor.continue"); 1597 llvm::Value *ShouldCallDelete 1598 = CGF.Builder.CreateIsNull(ShouldDeleteCondition); 1599 CGF.Builder.CreateCondBr(ShouldCallDelete, continueBB, callDeleteBB); 1600 1601 CGF.EmitBlock(callDeleteBB); 1602 const CXXDestructorDecl *Dtor = cast<CXXDestructorDecl>(CGF.CurCodeDecl); 1603 const CXXRecordDecl *ClassDecl = Dtor->getParent(); 1604 CGF.EmitDeleteCall(Dtor->getOperatorDelete(), 1605 LoadThisForDtorDelete(CGF, Dtor), 1606 CGF.getContext().getTagDeclType(ClassDecl)); 1607 assert(Dtor->getOperatorDelete()->isDestroyingOperatorDelete() == 1608 ReturnAfterDelete && 1609 "unexpected value for ReturnAfterDelete"); 1610 if (ReturnAfterDelete) 1611 CGF.EmitBranchThroughCleanup(CGF.ReturnBlock); 1612 else 1613 CGF.Builder.CreateBr(continueBB); 1614 1615 CGF.EmitBlock(continueBB); 1616 } 1617 1618 struct CallDtorDeleteConditional final : EHScopeStack::Cleanup { 1619 llvm::Value *ShouldDeleteCondition; 1620 1621 public: 1622 CallDtorDeleteConditional(llvm::Value *ShouldDeleteCondition) 1623 : ShouldDeleteCondition(ShouldDeleteCondition) { 1624 assert(ShouldDeleteCondition != nullptr); 1625 } 1626 1627 void Emit(CodeGenFunction &CGF, Flags flags) override { 1628 EmitConditionalDtorDeleteCall(CGF, ShouldDeleteCondition, 1629 /*ReturnAfterDelete*/false); 1630 } 1631 }; 1632 1633 class DestroyField final : public EHScopeStack::Cleanup { 1634 const FieldDecl *field; 1635 CodeGenFunction::Destroyer *destroyer; 1636 bool useEHCleanupForArray; 1637 1638 public: 1639 DestroyField(const FieldDecl *field, CodeGenFunction::Destroyer *destroyer, 1640 bool useEHCleanupForArray) 1641 : field(field), destroyer(destroyer), 1642 useEHCleanupForArray(useEHCleanupForArray) {} 1643 1644 void Emit(CodeGenFunction &CGF, Flags flags) override { 1645 // Find the address of the field. 1646 Address thisValue = CGF.LoadCXXThisAddress(); 1647 QualType RecordTy = CGF.getContext().getTagDeclType(field->getParent()); 1648 LValue ThisLV = CGF.MakeAddrLValue(thisValue, RecordTy); 1649 LValue LV = CGF.EmitLValueForField(ThisLV, field); 1650 assert(LV.isSimple()); 1651 1652 CGF.emitDestroy(LV.getAddress(CGF), field->getType(), destroyer, 1653 flags.isForNormalCleanup() && useEHCleanupForArray); 1654 } 1655 }; 1656 1657 static void EmitSanitizerDtorCallback(CodeGenFunction &CGF, llvm::Value *Ptr, 1658 CharUnits::QuantityType PoisonSize) { 1659 CodeGenFunction::SanitizerScope SanScope(&CGF); 1660 // Pass in void pointer and size of region as arguments to runtime 1661 // function 1662 llvm::Value *Args[] = {CGF.Builder.CreateBitCast(Ptr, CGF.VoidPtrTy), 1663 llvm::ConstantInt::get(CGF.SizeTy, PoisonSize)}; 1664 1665 llvm::Type *ArgTypes[] = {CGF.VoidPtrTy, CGF.SizeTy}; 1666 1667 llvm::FunctionType *FnType = 1668 llvm::FunctionType::get(CGF.VoidTy, ArgTypes, false); 1669 llvm::FunctionCallee Fn = 1670 CGF.CGM.CreateRuntimeFunction(FnType, "__sanitizer_dtor_callback"); 1671 CGF.EmitNounwindRuntimeCall(Fn, Args); 1672 } 1673 1674 class SanitizeDtorMembers final : public EHScopeStack::Cleanup { 1675 const CXXDestructorDecl *Dtor; 1676 1677 public: 1678 SanitizeDtorMembers(const CXXDestructorDecl *Dtor) : Dtor(Dtor) {} 1679 1680 // Generate function call for handling object poisoning. 1681 // Disables tail call elimination, to prevent the current stack frame 1682 // from disappearing from the stack trace. 1683 void Emit(CodeGenFunction &CGF, Flags flags) override { 1684 const ASTRecordLayout &Layout = 1685 CGF.getContext().getASTRecordLayout(Dtor->getParent()); 1686 1687 // Nothing to poison. 1688 if (Layout.getFieldCount() == 0) 1689 return; 1690 1691 // Prevent the current stack frame from disappearing from the stack trace. 1692 CGF.CurFn->addFnAttr("disable-tail-calls", "true"); 1693 1694 // Construct pointer to region to begin poisoning, and calculate poison 1695 // size, so that only members declared in this class are poisoned. 1696 ASTContext &Context = CGF.getContext(); 1697 1698 const RecordDecl *Decl = Dtor->getParent(); 1699 auto Fields = Decl->fields(); 1700 auto IsTrivial = [&](const FieldDecl *F) { 1701 return FieldHasTrivialDestructorBody(Context, F); 1702 }; 1703 1704 auto IsZeroSize = [&](const FieldDecl *F) { 1705 return F->isZeroSize(Context); 1706 }; 1707 1708 // Poison blocks of fields with trivial destructors making sure that block 1709 // begin and end do not point to zero-sized fields. They don't have 1710 // correct offsets so can't be used to calculate poisoning range. 1711 for (auto It = Fields.begin(); It != Fields.end();) { 1712 It = std::find_if(It, Fields.end(), [&](const FieldDecl *F) { 1713 return IsTrivial(F) && !IsZeroSize(F); 1714 }); 1715 if (It == Fields.end()) 1716 break; 1717 auto Start = It++; 1718 It = std::find_if(It, Fields.end(), [&](const FieldDecl *F) { 1719 return !IsTrivial(F) && !IsZeroSize(F); 1720 }); 1721 1722 PoisonMembers(CGF, (*Start)->getFieldIndex(), 1723 It == Fields.end() ? -1 : (*It)->getFieldIndex()); 1724 } 1725 } 1726 1727 private: 1728 /// \param layoutStartOffset index of the ASTRecordLayout field to 1729 /// start poisoning (inclusive) 1730 /// \param layoutEndOffset index of the ASTRecordLayout field to 1731 /// end poisoning (exclusive) 1732 void PoisonMembers(CodeGenFunction &CGF, unsigned layoutStartOffset, 1733 unsigned layoutEndOffset) { 1734 ASTContext &Context = CGF.getContext(); 1735 const ASTRecordLayout &Layout = 1736 Context.getASTRecordLayout(Dtor->getParent()); 1737 1738 // It's a first trivia field so it should be at the begining of char, 1739 // still round up start offset just in case. 1740 CharUnits PoisonStart = 1741 Context.toCharUnitsFromBits(Layout.getFieldOffset(layoutStartOffset) + 1742 Context.getCharWidth() - 1); 1743 llvm::ConstantInt *OffsetSizePtr = 1744 llvm::ConstantInt::get(CGF.SizeTy, PoisonStart.getQuantity()); 1745 1746 llvm::Value *OffsetPtr = CGF.Builder.CreateGEP( 1747 CGF.Builder.CreateBitCast(CGF.LoadCXXThis(), CGF.Int8PtrTy), 1748 OffsetSizePtr); 1749 1750 CharUnits PoisonEnd; 1751 if (layoutEndOffset >= Layout.getFieldCount()) { 1752 PoisonEnd = Layout.getNonVirtualSize(); 1753 } else { 1754 PoisonEnd = 1755 Context.toCharUnitsFromBits(Layout.getFieldOffset(layoutEndOffset)); 1756 } 1757 CharUnits PoisonSize = PoisonEnd - PoisonStart; 1758 if (!PoisonSize.isPositive()) 1759 return; 1760 1761 EmitSanitizerDtorCallback(CGF, OffsetPtr, PoisonSize.getQuantity()); 1762 } 1763 }; 1764 1765 class SanitizeDtorVTable final : public EHScopeStack::Cleanup { 1766 const CXXDestructorDecl *Dtor; 1767 1768 public: 1769 SanitizeDtorVTable(const CXXDestructorDecl *Dtor) : Dtor(Dtor) {} 1770 1771 // Generate function call for handling vtable pointer poisoning. 1772 void Emit(CodeGenFunction &CGF, Flags flags) override { 1773 assert(Dtor->getParent()->isDynamicClass()); 1774 (void)Dtor; 1775 ASTContext &Context = CGF.getContext(); 1776 // Poison vtable and vtable ptr if they exist for this class. 1777 llvm::Value *VTablePtr = CGF.LoadCXXThis(); 1778 1779 CharUnits::QuantityType PoisonSize = 1780 Context.toCharUnitsFromBits(CGF.PointerWidthInBits).getQuantity(); 1781 // Pass in void pointer and size of region as arguments to runtime 1782 // function 1783 EmitSanitizerDtorCallback(CGF, VTablePtr, PoisonSize); 1784 } 1785 }; 1786 } // end anonymous namespace 1787 1788 /// Emit all code that comes at the end of class's 1789 /// destructor. This is to call destructors on members and base classes 1790 /// in reverse order of their construction. 1791 /// 1792 /// For a deleting destructor, this also handles the case where a destroying 1793 /// operator delete completely overrides the definition. 1794 void CodeGenFunction::EnterDtorCleanups(const CXXDestructorDecl *DD, 1795 CXXDtorType DtorType) { 1796 assert((!DD->isTrivial() || DD->hasAttr<DLLExportAttr>()) && 1797 "Should not emit dtor epilogue for non-exported trivial dtor!"); 1798 1799 // The deleting-destructor phase just needs to call the appropriate 1800 // operator delete that Sema picked up. 1801 if (DtorType == Dtor_Deleting) { 1802 assert(DD->getOperatorDelete() && 1803 "operator delete missing - EnterDtorCleanups"); 1804 if (CXXStructorImplicitParamValue) { 1805 // If there is an implicit param to the deleting dtor, it's a boolean 1806 // telling whether this is a deleting destructor. 1807 if (DD->getOperatorDelete()->isDestroyingOperatorDelete()) 1808 EmitConditionalDtorDeleteCall(*this, CXXStructorImplicitParamValue, 1809 /*ReturnAfterDelete*/true); 1810 else 1811 EHStack.pushCleanup<CallDtorDeleteConditional>( 1812 NormalAndEHCleanup, CXXStructorImplicitParamValue); 1813 } else { 1814 if (DD->getOperatorDelete()->isDestroyingOperatorDelete()) { 1815 const CXXRecordDecl *ClassDecl = DD->getParent(); 1816 EmitDeleteCall(DD->getOperatorDelete(), 1817 LoadThisForDtorDelete(*this, DD), 1818 getContext().getTagDeclType(ClassDecl)); 1819 EmitBranchThroughCleanup(ReturnBlock); 1820 } else { 1821 EHStack.pushCleanup<CallDtorDelete>(NormalAndEHCleanup); 1822 } 1823 } 1824 return; 1825 } 1826 1827 const CXXRecordDecl *ClassDecl = DD->getParent(); 1828 1829 // Unions have no bases and do not call field destructors. 1830 if (ClassDecl->isUnion()) 1831 return; 1832 1833 // The complete-destructor phase just destructs all the virtual bases. 1834 if (DtorType == Dtor_Complete) { 1835 // Poison the vtable pointer such that access after the base 1836 // and member destructors are invoked is invalid. 1837 if (CGM.getCodeGenOpts().SanitizeMemoryUseAfterDtor && 1838 SanOpts.has(SanitizerKind::Memory) && ClassDecl->getNumVBases() && 1839 ClassDecl->isPolymorphic()) 1840 EHStack.pushCleanup<SanitizeDtorVTable>(NormalAndEHCleanup, DD); 1841 1842 // We push them in the forward order so that they'll be popped in 1843 // the reverse order. 1844 for (const auto &Base : ClassDecl->vbases()) { 1845 auto *BaseClassDecl = 1846 cast<CXXRecordDecl>(Base.getType()->castAs<RecordType>()->getDecl()); 1847 1848 // Ignore trivial destructors. 1849 if (BaseClassDecl->hasTrivialDestructor()) 1850 continue; 1851 1852 EHStack.pushCleanup<CallBaseDtor>(NormalAndEHCleanup, 1853 BaseClassDecl, 1854 /*BaseIsVirtual*/ true); 1855 } 1856 1857 return; 1858 } 1859 1860 assert(DtorType == Dtor_Base); 1861 // Poison the vtable pointer if it has no virtual bases, but inherits 1862 // virtual functions. 1863 if (CGM.getCodeGenOpts().SanitizeMemoryUseAfterDtor && 1864 SanOpts.has(SanitizerKind::Memory) && !ClassDecl->getNumVBases() && 1865 ClassDecl->isPolymorphic()) 1866 EHStack.pushCleanup<SanitizeDtorVTable>(NormalAndEHCleanup, DD); 1867 1868 // Destroy non-virtual bases. 1869 for (const auto &Base : ClassDecl->bases()) { 1870 // Ignore virtual bases. 1871 if (Base.isVirtual()) 1872 continue; 1873 1874 CXXRecordDecl *BaseClassDecl = Base.getType()->getAsCXXRecordDecl(); 1875 1876 // Ignore trivial destructors. 1877 if (BaseClassDecl->hasTrivialDestructor()) 1878 continue; 1879 1880 EHStack.pushCleanup<CallBaseDtor>(NormalAndEHCleanup, 1881 BaseClassDecl, 1882 /*BaseIsVirtual*/ false); 1883 } 1884 1885 // Poison fields such that access after their destructors are 1886 // invoked, and before the base class destructor runs, is invalid. 1887 if (CGM.getCodeGenOpts().SanitizeMemoryUseAfterDtor && 1888 SanOpts.has(SanitizerKind::Memory)) 1889 EHStack.pushCleanup<SanitizeDtorMembers>(NormalAndEHCleanup, DD); 1890 1891 // Destroy direct fields. 1892 for (const auto *Field : ClassDecl->fields()) { 1893 QualType type = Field->getType(); 1894 QualType::DestructionKind dtorKind = type.isDestructedType(); 1895 if (!dtorKind) continue; 1896 1897 // Anonymous union members do not have their destructors called. 1898 const RecordType *RT = type->getAsUnionType(); 1899 if (RT && RT->getDecl()->isAnonymousStructOrUnion()) continue; 1900 1901 CleanupKind cleanupKind = getCleanupKind(dtorKind); 1902 EHStack.pushCleanup<DestroyField>(cleanupKind, Field, 1903 getDestroyer(dtorKind), 1904 cleanupKind & EHCleanup); 1905 } 1906 } 1907 1908 /// EmitCXXAggrConstructorCall - Emit a loop to call a particular 1909 /// constructor for each of several members of an array. 1910 /// 1911 /// \param ctor the constructor to call for each element 1912 /// \param arrayType the type of the array to initialize 1913 /// \param arrayBegin an arrayType* 1914 /// \param zeroInitialize true if each element should be 1915 /// zero-initialized before it is constructed 1916 void CodeGenFunction::EmitCXXAggrConstructorCall( 1917 const CXXConstructorDecl *ctor, const ArrayType *arrayType, 1918 Address arrayBegin, const CXXConstructExpr *E, bool NewPointerIsChecked, 1919 bool zeroInitialize) { 1920 QualType elementType; 1921 llvm::Value *numElements = 1922 emitArrayLength(arrayType, elementType, arrayBegin); 1923 1924 EmitCXXAggrConstructorCall(ctor, numElements, arrayBegin, E, 1925 NewPointerIsChecked, zeroInitialize); 1926 } 1927 1928 /// EmitCXXAggrConstructorCall - Emit a loop to call a particular 1929 /// constructor for each of several members of an array. 1930 /// 1931 /// \param ctor the constructor to call for each element 1932 /// \param numElements the number of elements in the array; 1933 /// may be zero 1934 /// \param arrayBase a T*, where T is the type constructed by ctor 1935 /// \param zeroInitialize true if each element should be 1936 /// zero-initialized before it is constructed 1937 void CodeGenFunction::EmitCXXAggrConstructorCall(const CXXConstructorDecl *ctor, 1938 llvm::Value *numElements, 1939 Address arrayBase, 1940 const CXXConstructExpr *E, 1941 bool NewPointerIsChecked, 1942 bool zeroInitialize) { 1943 // It's legal for numElements to be zero. This can happen both 1944 // dynamically, because x can be zero in 'new A[x]', and statically, 1945 // because of GCC extensions that permit zero-length arrays. There 1946 // are probably legitimate places where we could assume that this 1947 // doesn't happen, but it's not clear that it's worth it. 1948 llvm::BranchInst *zeroCheckBranch = nullptr; 1949 1950 // Optimize for a constant count. 1951 llvm::ConstantInt *constantCount 1952 = dyn_cast<llvm::ConstantInt>(numElements); 1953 if (constantCount) { 1954 // Just skip out if the constant count is zero. 1955 if (constantCount->isZero()) return; 1956 1957 // Otherwise, emit the check. 1958 } else { 1959 llvm::BasicBlock *loopBB = createBasicBlock("new.ctorloop"); 1960 llvm::Value *iszero = Builder.CreateIsNull(numElements, "isempty"); 1961 zeroCheckBranch = Builder.CreateCondBr(iszero, loopBB, loopBB); 1962 EmitBlock(loopBB); 1963 } 1964 1965 // Find the end of the array. 1966 llvm::Type *elementType = arrayBase.getElementType(); 1967 llvm::Value *arrayBegin = arrayBase.getPointer(); 1968 llvm::Value *arrayEnd = Builder.CreateInBoundsGEP( 1969 elementType, arrayBegin, numElements, "arrayctor.end"); 1970 1971 // Enter the loop, setting up a phi for the current location to initialize. 1972 llvm::BasicBlock *entryBB = Builder.GetInsertBlock(); 1973 llvm::BasicBlock *loopBB = createBasicBlock("arrayctor.loop"); 1974 EmitBlock(loopBB); 1975 llvm::PHINode *cur = Builder.CreatePHI(arrayBegin->getType(), 2, 1976 "arrayctor.cur"); 1977 cur->addIncoming(arrayBegin, entryBB); 1978 1979 // Inside the loop body, emit the constructor call on the array element. 1980 1981 // The alignment of the base, adjusted by the size of a single element, 1982 // provides a conservative estimate of the alignment of every element. 1983 // (This assumes we never start tracking offsetted alignments.) 1984 // 1985 // Note that these are complete objects and so we don't need to 1986 // use the non-virtual size or alignment. 1987 QualType type = getContext().getTypeDeclType(ctor->getParent()); 1988 CharUnits eltAlignment = 1989 arrayBase.getAlignment() 1990 .alignmentOfArrayElement(getContext().getTypeSizeInChars(type)); 1991 Address curAddr = Address(cur, eltAlignment); 1992 1993 // Zero initialize the storage, if requested. 1994 if (zeroInitialize) 1995 EmitNullInitialization(curAddr, type); 1996 1997 // C++ [class.temporary]p4: 1998 // There are two contexts in which temporaries are destroyed at a different 1999 // point than the end of the full-expression. The first context is when a 2000 // default constructor is called to initialize an element of an array. 2001 // If the constructor has one or more default arguments, the destruction of 2002 // every temporary created in a default argument expression is sequenced 2003 // before the construction of the next array element, if any. 2004 2005 { 2006 RunCleanupsScope Scope(*this); 2007 2008 // Evaluate the constructor and its arguments in a regular 2009 // partial-destroy cleanup. 2010 if (getLangOpts().Exceptions && 2011 !ctor->getParent()->hasTrivialDestructor()) { 2012 Destroyer *destroyer = destroyCXXObject; 2013 pushRegularPartialArrayCleanup(arrayBegin, cur, type, eltAlignment, 2014 *destroyer); 2015 } 2016 auto currAVS = AggValueSlot::forAddr( 2017 curAddr, type.getQualifiers(), AggValueSlot::IsDestructed, 2018 AggValueSlot::DoesNotNeedGCBarriers, AggValueSlot::IsNotAliased, 2019 AggValueSlot::DoesNotOverlap, AggValueSlot::IsNotZeroed, 2020 NewPointerIsChecked ? AggValueSlot::IsSanitizerChecked 2021 : AggValueSlot::IsNotSanitizerChecked); 2022 EmitCXXConstructorCall(ctor, Ctor_Complete, /*ForVirtualBase=*/false, 2023 /*Delegating=*/false, currAVS, E); 2024 } 2025 2026 // Go to the next element. 2027 llvm::Value *next = Builder.CreateInBoundsGEP( 2028 elementType, cur, llvm::ConstantInt::get(SizeTy, 1), "arrayctor.next"); 2029 cur->addIncoming(next, Builder.GetInsertBlock()); 2030 2031 // Check whether that's the end of the loop. 2032 llvm::Value *done = Builder.CreateICmpEQ(next, arrayEnd, "arrayctor.done"); 2033 llvm::BasicBlock *contBB = createBasicBlock("arrayctor.cont"); 2034 Builder.CreateCondBr(done, contBB, loopBB); 2035 2036 // Patch the earlier check to skip over the loop. 2037 if (zeroCheckBranch) zeroCheckBranch->setSuccessor(0, contBB); 2038 2039 EmitBlock(contBB); 2040 } 2041 2042 void CodeGenFunction::destroyCXXObject(CodeGenFunction &CGF, 2043 Address addr, 2044 QualType type) { 2045 const RecordType *rtype = type->castAs<RecordType>(); 2046 const CXXRecordDecl *record = cast<CXXRecordDecl>(rtype->getDecl()); 2047 const CXXDestructorDecl *dtor = record->getDestructor(); 2048 assert(!dtor->isTrivial()); 2049 CGF.EmitCXXDestructorCall(dtor, Dtor_Complete, /*for vbase*/ false, 2050 /*Delegating=*/false, addr, type); 2051 } 2052 2053 void CodeGenFunction::EmitCXXConstructorCall(const CXXConstructorDecl *D, 2054 CXXCtorType Type, 2055 bool ForVirtualBase, 2056 bool Delegating, 2057 AggValueSlot ThisAVS, 2058 const CXXConstructExpr *E) { 2059 CallArgList Args; 2060 Address This = ThisAVS.getAddress(); 2061 LangAS SlotAS = ThisAVS.getQualifiers().getAddressSpace(); 2062 QualType ThisType = D->getThisType(); 2063 LangAS ThisAS = ThisType.getTypePtr()->getPointeeType().getAddressSpace(); 2064 llvm::Value *ThisPtr = This.getPointer(); 2065 2066 if (SlotAS != ThisAS) { 2067 unsigned TargetThisAS = getContext().getTargetAddressSpace(ThisAS); 2068 llvm::Type *NewType = 2069 ThisPtr->getType()->getPointerElementType()->getPointerTo(TargetThisAS); 2070 ThisPtr = getTargetHooks().performAddrSpaceCast(*this, This.getPointer(), 2071 ThisAS, SlotAS, NewType); 2072 } 2073 2074 // Push the this ptr. 2075 Args.add(RValue::get(ThisPtr), D->getThisType()); 2076 2077 // If this is a trivial constructor, emit a memcpy now before we lose 2078 // the alignment information on the argument. 2079 // FIXME: It would be better to preserve alignment information into CallArg. 2080 if (isMemcpyEquivalentSpecialMember(D)) { 2081 assert(E->getNumArgs() == 1 && "unexpected argcount for trivial ctor"); 2082 2083 const Expr *Arg = E->getArg(0); 2084 LValue Src = EmitLValue(Arg); 2085 QualType DestTy = getContext().getTypeDeclType(D->getParent()); 2086 LValue Dest = MakeAddrLValue(This, DestTy); 2087 EmitAggregateCopyCtor(Dest, Src, ThisAVS.mayOverlap()); 2088 return; 2089 } 2090 2091 // Add the rest of the user-supplied arguments. 2092 const FunctionProtoType *FPT = D->getType()->castAs<FunctionProtoType>(); 2093 EvaluationOrder Order = E->isListInitialization() 2094 ? EvaluationOrder::ForceLeftToRight 2095 : EvaluationOrder::Default; 2096 EmitCallArgs(Args, FPT, E->arguments(), E->getConstructor(), 2097 /*ParamsToSkip*/ 0, Order); 2098 2099 EmitCXXConstructorCall(D, Type, ForVirtualBase, Delegating, This, Args, 2100 ThisAVS.mayOverlap(), E->getExprLoc(), 2101 ThisAVS.isSanitizerChecked()); 2102 } 2103 2104 static bool canEmitDelegateCallArgs(CodeGenFunction &CGF, 2105 const CXXConstructorDecl *Ctor, 2106 CXXCtorType Type, CallArgList &Args) { 2107 // We can't forward a variadic call. 2108 if (Ctor->isVariadic()) 2109 return false; 2110 2111 if (CGF.getTarget().getCXXABI().areArgsDestroyedLeftToRightInCallee()) { 2112 // If the parameters are callee-cleanup, it's not safe to forward. 2113 for (auto *P : Ctor->parameters()) 2114 if (P->needsDestruction(CGF.getContext())) 2115 return false; 2116 2117 // Likewise if they're inalloca. 2118 const CGFunctionInfo &Info = 2119 CGF.CGM.getTypes().arrangeCXXConstructorCall(Args, Ctor, Type, 0, 0); 2120 if (Info.usesInAlloca()) 2121 return false; 2122 } 2123 2124 // Anything else should be OK. 2125 return true; 2126 } 2127 2128 void CodeGenFunction::EmitCXXConstructorCall(const CXXConstructorDecl *D, 2129 CXXCtorType Type, 2130 bool ForVirtualBase, 2131 bool Delegating, 2132 Address This, 2133 CallArgList &Args, 2134 AggValueSlot::Overlap_t Overlap, 2135 SourceLocation Loc, 2136 bool NewPointerIsChecked) { 2137 const CXXRecordDecl *ClassDecl = D->getParent(); 2138 2139 if (!NewPointerIsChecked) 2140 EmitTypeCheck(CodeGenFunction::TCK_ConstructorCall, Loc, This.getPointer(), 2141 getContext().getRecordType(ClassDecl), CharUnits::Zero()); 2142 2143 if (D->isTrivial() && D->isDefaultConstructor()) { 2144 assert(Args.size() == 1 && "trivial default ctor with args"); 2145 return; 2146 } 2147 2148 // If this is a trivial constructor, just emit what's needed. If this is a 2149 // union copy constructor, we must emit a memcpy, because the AST does not 2150 // model that copy. 2151 if (isMemcpyEquivalentSpecialMember(D)) { 2152 assert(Args.size() == 2 && "unexpected argcount for trivial ctor"); 2153 2154 QualType SrcTy = D->getParamDecl(0)->getType().getNonReferenceType(); 2155 Address Src(Args[1].getRValue(*this).getScalarVal(), 2156 CGM.getNaturalTypeAlignment(SrcTy)); 2157 LValue SrcLVal = MakeAddrLValue(Src, SrcTy); 2158 QualType DestTy = getContext().getTypeDeclType(ClassDecl); 2159 LValue DestLVal = MakeAddrLValue(This, DestTy); 2160 EmitAggregateCopyCtor(DestLVal, SrcLVal, Overlap); 2161 return; 2162 } 2163 2164 bool PassPrototypeArgs = true; 2165 // Check whether we can actually emit the constructor before trying to do so. 2166 if (auto Inherited = D->getInheritedConstructor()) { 2167 PassPrototypeArgs = getTypes().inheritingCtorHasParams(Inherited, Type); 2168 if (PassPrototypeArgs && !canEmitDelegateCallArgs(*this, D, Type, Args)) { 2169 EmitInlinedInheritingCXXConstructorCall(D, Type, ForVirtualBase, 2170 Delegating, Args); 2171 return; 2172 } 2173 } 2174 2175 // Insert any ABI-specific implicit constructor arguments. 2176 CGCXXABI::AddedStructorArgCounts ExtraArgs = 2177 CGM.getCXXABI().addImplicitConstructorArgs(*this, D, Type, ForVirtualBase, 2178 Delegating, Args); 2179 2180 // Emit the call. 2181 llvm::Constant *CalleePtr = CGM.getAddrOfCXXStructor(GlobalDecl(D, Type)); 2182 const CGFunctionInfo &Info = CGM.getTypes().arrangeCXXConstructorCall( 2183 Args, D, Type, ExtraArgs.Prefix, ExtraArgs.Suffix, PassPrototypeArgs); 2184 CGCallee Callee = CGCallee::forDirect(CalleePtr, GlobalDecl(D, Type)); 2185 EmitCall(Info, Callee, ReturnValueSlot(), Args, nullptr, false, Loc); 2186 2187 // Generate vtable assumptions if we're constructing a complete object 2188 // with a vtable. We don't do this for base subobjects for two reasons: 2189 // first, it's incorrect for classes with virtual bases, and second, we're 2190 // about to overwrite the vptrs anyway. 2191 // We also have to make sure if we can refer to vtable: 2192 // - Otherwise we can refer to vtable if it's safe to speculatively emit. 2193 // FIXME: If vtable is used by ctor/dtor, or if vtable is external and we are 2194 // sure that definition of vtable is not hidden, 2195 // then we are always safe to refer to it. 2196 // FIXME: It looks like InstCombine is very inefficient on dealing with 2197 // assumes. Make assumption loads require -fstrict-vtable-pointers temporarily. 2198 if (CGM.getCodeGenOpts().OptimizationLevel > 0 && 2199 ClassDecl->isDynamicClass() && Type != Ctor_Base && 2200 CGM.getCXXABI().canSpeculativelyEmitVTable(ClassDecl) && 2201 CGM.getCodeGenOpts().StrictVTablePointers) 2202 EmitVTableAssumptionLoads(ClassDecl, This); 2203 } 2204 2205 void CodeGenFunction::EmitInheritedCXXConstructorCall( 2206 const CXXConstructorDecl *D, bool ForVirtualBase, Address This, 2207 bool InheritedFromVBase, const CXXInheritedCtorInitExpr *E) { 2208 CallArgList Args; 2209 CallArg ThisArg(RValue::get(This.getPointer()), D->getThisType()); 2210 2211 // Forward the parameters. 2212 if (InheritedFromVBase && 2213 CGM.getTarget().getCXXABI().hasConstructorVariants()) { 2214 // Nothing to do; this construction is not responsible for constructing 2215 // the base class containing the inherited constructor. 2216 // FIXME: Can we just pass undef's for the remaining arguments if we don't 2217 // have constructor variants? 2218 Args.push_back(ThisArg); 2219 } else if (!CXXInheritedCtorInitExprArgs.empty()) { 2220 // The inheriting constructor was inlined; just inject its arguments. 2221 assert(CXXInheritedCtorInitExprArgs.size() >= D->getNumParams() && 2222 "wrong number of parameters for inherited constructor call"); 2223 Args = CXXInheritedCtorInitExprArgs; 2224 Args[0] = ThisArg; 2225 } else { 2226 // The inheriting constructor was not inlined. Emit delegating arguments. 2227 Args.push_back(ThisArg); 2228 const auto *OuterCtor = cast<CXXConstructorDecl>(CurCodeDecl); 2229 assert(OuterCtor->getNumParams() == D->getNumParams()); 2230 assert(!OuterCtor->isVariadic() && "should have been inlined"); 2231 2232 for (const auto *Param : OuterCtor->parameters()) { 2233 assert(getContext().hasSameUnqualifiedType( 2234 OuterCtor->getParamDecl(Param->getFunctionScopeIndex())->getType(), 2235 Param->getType())); 2236 EmitDelegateCallArg(Args, Param, E->getLocation()); 2237 2238 // Forward __attribute__(pass_object_size). 2239 if (Param->hasAttr<PassObjectSizeAttr>()) { 2240 auto *POSParam = SizeArguments[Param]; 2241 assert(POSParam && "missing pass_object_size value for forwarding"); 2242 EmitDelegateCallArg(Args, POSParam, E->getLocation()); 2243 } 2244 } 2245 } 2246 2247 EmitCXXConstructorCall(D, Ctor_Base, ForVirtualBase, /*Delegating*/false, 2248 This, Args, AggValueSlot::MayOverlap, 2249 E->getLocation(), /*NewPointerIsChecked*/true); 2250 } 2251 2252 void CodeGenFunction::EmitInlinedInheritingCXXConstructorCall( 2253 const CXXConstructorDecl *Ctor, CXXCtorType CtorType, bool ForVirtualBase, 2254 bool Delegating, CallArgList &Args) { 2255 GlobalDecl GD(Ctor, CtorType); 2256 InlinedInheritingConstructorScope Scope(*this, GD); 2257 ApplyInlineDebugLocation DebugScope(*this, GD); 2258 RunCleanupsScope RunCleanups(*this); 2259 2260 // Save the arguments to be passed to the inherited constructor. 2261 CXXInheritedCtorInitExprArgs = Args; 2262 2263 FunctionArgList Params; 2264 QualType RetType = BuildFunctionArgList(CurGD, Params); 2265 FnRetTy = RetType; 2266 2267 // Insert any ABI-specific implicit constructor arguments. 2268 CGM.getCXXABI().addImplicitConstructorArgs(*this, Ctor, CtorType, 2269 ForVirtualBase, Delegating, Args); 2270 2271 // Emit a simplified prolog. We only need to emit the implicit params. 2272 assert(Args.size() >= Params.size() && "too few arguments for call"); 2273 for (unsigned I = 0, N = Args.size(); I != N; ++I) { 2274 if (I < Params.size() && isa<ImplicitParamDecl>(Params[I])) { 2275 const RValue &RV = Args[I].getRValue(*this); 2276 assert(!RV.isComplex() && "complex indirect params not supported"); 2277 ParamValue Val = RV.isScalar() 2278 ? ParamValue::forDirect(RV.getScalarVal()) 2279 : ParamValue::forIndirect(RV.getAggregateAddress()); 2280 EmitParmDecl(*Params[I], Val, I + 1); 2281 } 2282 } 2283 2284 // Create a return value slot if the ABI implementation wants one. 2285 // FIXME: This is dumb, we should ask the ABI not to try to set the return 2286 // value instead. 2287 if (!RetType->isVoidType()) 2288 ReturnValue = CreateIRTemp(RetType, "retval.inhctor"); 2289 2290 CGM.getCXXABI().EmitInstanceFunctionProlog(*this); 2291 CXXThisValue = CXXABIThisValue; 2292 2293 // Directly emit the constructor initializers. 2294 EmitCtorPrologue(Ctor, CtorType, Params); 2295 } 2296 2297 void CodeGenFunction::EmitVTableAssumptionLoad(const VPtr &Vptr, Address This) { 2298 llvm::Value *VTableGlobal = 2299 CGM.getCXXABI().getVTableAddressPoint(Vptr.Base, Vptr.VTableClass); 2300 if (!VTableGlobal) 2301 return; 2302 2303 // We can just use the base offset in the complete class. 2304 CharUnits NonVirtualOffset = Vptr.Base.getBaseOffset(); 2305 2306 if (!NonVirtualOffset.isZero()) 2307 This = 2308 ApplyNonVirtualAndVirtualOffset(*this, This, NonVirtualOffset, nullptr, 2309 Vptr.VTableClass, Vptr.NearestVBase); 2310 2311 llvm::Value *VPtrValue = 2312 GetVTablePtr(This, VTableGlobal->getType(), Vptr.VTableClass); 2313 llvm::Value *Cmp = 2314 Builder.CreateICmpEQ(VPtrValue, VTableGlobal, "cmp.vtables"); 2315 Builder.CreateAssumption(Cmp); 2316 } 2317 2318 void CodeGenFunction::EmitVTableAssumptionLoads(const CXXRecordDecl *ClassDecl, 2319 Address This) { 2320 if (CGM.getCXXABI().doStructorsInitializeVPtrs(ClassDecl)) 2321 for (const VPtr &Vptr : getVTablePointers(ClassDecl)) 2322 EmitVTableAssumptionLoad(Vptr, This); 2323 } 2324 2325 void 2326 CodeGenFunction::EmitSynthesizedCXXCopyCtorCall(const CXXConstructorDecl *D, 2327 Address This, Address Src, 2328 const CXXConstructExpr *E) { 2329 const FunctionProtoType *FPT = D->getType()->castAs<FunctionProtoType>(); 2330 2331 CallArgList Args; 2332 2333 // Push the this ptr. 2334 Args.add(RValue::get(This.getPointer()), D->getThisType()); 2335 2336 // Push the src ptr. 2337 QualType QT = *(FPT->param_type_begin()); 2338 llvm::Type *t = CGM.getTypes().ConvertType(QT); 2339 Src = Builder.CreateBitCast(Src, t); 2340 Args.add(RValue::get(Src.getPointer()), QT); 2341 2342 // Skip over first argument (Src). 2343 EmitCallArgs(Args, FPT, drop_begin(E->arguments(), 1), E->getConstructor(), 2344 /*ParamsToSkip*/ 1); 2345 2346 EmitCXXConstructorCall(D, Ctor_Complete, /*ForVirtualBase*/false, 2347 /*Delegating*/false, This, Args, 2348 AggValueSlot::MayOverlap, E->getExprLoc(), 2349 /*NewPointerIsChecked*/false); 2350 } 2351 2352 void 2353 CodeGenFunction::EmitDelegateCXXConstructorCall(const CXXConstructorDecl *Ctor, 2354 CXXCtorType CtorType, 2355 const FunctionArgList &Args, 2356 SourceLocation Loc) { 2357 CallArgList DelegateArgs; 2358 2359 FunctionArgList::const_iterator I = Args.begin(), E = Args.end(); 2360 assert(I != E && "no parameters to constructor"); 2361 2362 // this 2363 Address This = LoadCXXThisAddress(); 2364 DelegateArgs.add(RValue::get(This.getPointer()), (*I)->getType()); 2365 ++I; 2366 2367 // FIXME: The location of the VTT parameter in the parameter list is 2368 // specific to the Itanium ABI and shouldn't be hardcoded here. 2369 if (CGM.getCXXABI().NeedsVTTParameter(CurGD)) { 2370 assert(I != E && "cannot skip vtt parameter, already done with args"); 2371 assert((*I)->getType()->isPointerType() && 2372 "skipping parameter not of vtt type"); 2373 ++I; 2374 } 2375 2376 // Explicit arguments. 2377 for (; I != E; ++I) { 2378 const VarDecl *param = *I; 2379 // FIXME: per-argument source location 2380 EmitDelegateCallArg(DelegateArgs, param, Loc); 2381 } 2382 2383 EmitCXXConstructorCall(Ctor, CtorType, /*ForVirtualBase=*/false, 2384 /*Delegating=*/true, This, DelegateArgs, 2385 AggValueSlot::MayOverlap, Loc, 2386 /*NewPointerIsChecked=*/true); 2387 } 2388 2389 namespace { 2390 struct CallDelegatingCtorDtor final : EHScopeStack::Cleanup { 2391 const CXXDestructorDecl *Dtor; 2392 Address Addr; 2393 CXXDtorType Type; 2394 2395 CallDelegatingCtorDtor(const CXXDestructorDecl *D, Address Addr, 2396 CXXDtorType Type) 2397 : Dtor(D), Addr(Addr), Type(Type) {} 2398 2399 void Emit(CodeGenFunction &CGF, Flags flags) override { 2400 // We are calling the destructor from within the constructor. 2401 // Therefore, "this" should have the expected type. 2402 QualType ThisTy = Dtor->getThisObjectType(); 2403 CGF.EmitCXXDestructorCall(Dtor, Type, /*ForVirtualBase=*/false, 2404 /*Delegating=*/true, Addr, ThisTy); 2405 } 2406 }; 2407 } // end anonymous namespace 2408 2409 void 2410 CodeGenFunction::EmitDelegatingCXXConstructorCall(const CXXConstructorDecl *Ctor, 2411 const FunctionArgList &Args) { 2412 assert(Ctor->isDelegatingConstructor()); 2413 2414 Address ThisPtr = LoadCXXThisAddress(); 2415 2416 AggValueSlot AggSlot = 2417 AggValueSlot::forAddr(ThisPtr, Qualifiers(), 2418 AggValueSlot::IsDestructed, 2419 AggValueSlot::DoesNotNeedGCBarriers, 2420 AggValueSlot::IsNotAliased, 2421 AggValueSlot::MayOverlap, 2422 AggValueSlot::IsNotZeroed, 2423 // Checks are made by the code that calls constructor. 2424 AggValueSlot::IsSanitizerChecked); 2425 2426 EmitAggExpr(Ctor->init_begin()[0]->getInit(), AggSlot); 2427 2428 const CXXRecordDecl *ClassDecl = Ctor->getParent(); 2429 if (CGM.getLangOpts().Exceptions && !ClassDecl->hasTrivialDestructor()) { 2430 CXXDtorType Type = 2431 CurGD.getCtorType() == Ctor_Complete ? Dtor_Complete : Dtor_Base; 2432 2433 EHStack.pushCleanup<CallDelegatingCtorDtor>(EHCleanup, 2434 ClassDecl->getDestructor(), 2435 ThisPtr, Type); 2436 } 2437 } 2438 2439 void CodeGenFunction::EmitCXXDestructorCall(const CXXDestructorDecl *DD, 2440 CXXDtorType Type, 2441 bool ForVirtualBase, 2442 bool Delegating, Address This, 2443 QualType ThisTy) { 2444 CGM.getCXXABI().EmitDestructorCall(*this, DD, Type, ForVirtualBase, 2445 Delegating, This, ThisTy); 2446 } 2447 2448 namespace { 2449 struct CallLocalDtor final : EHScopeStack::Cleanup { 2450 const CXXDestructorDecl *Dtor; 2451 Address Addr; 2452 QualType Ty; 2453 2454 CallLocalDtor(const CXXDestructorDecl *D, Address Addr, QualType Ty) 2455 : Dtor(D), Addr(Addr), Ty(Ty) {} 2456 2457 void Emit(CodeGenFunction &CGF, Flags flags) override { 2458 CGF.EmitCXXDestructorCall(Dtor, Dtor_Complete, 2459 /*ForVirtualBase=*/false, 2460 /*Delegating=*/false, Addr, Ty); 2461 } 2462 }; 2463 } // end anonymous namespace 2464 2465 void CodeGenFunction::PushDestructorCleanup(const CXXDestructorDecl *D, 2466 QualType T, Address Addr) { 2467 EHStack.pushCleanup<CallLocalDtor>(NormalAndEHCleanup, D, Addr, T); 2468 } 2469 2470 void CodeGenFunction::PushDestructorCleanup(QualType T, Address Addr) { 2471 CXXRecordDecl *ClassDecl = T->getAsCXXRecordDecl(); 2472 if (!ClassDecl) return; 2473 if (ClassDecl->hasTrivialDestructor()) return; 2474 2475 const CXXDestructorDecl *D = ClassDecl->getDestructor(); 2476 assert(D && D->isUsed() && "destructor not marked as used!"); 2477 PushDestructorCleanup(D, T, Addr); 2478 } 2479 2480 void CodeGenFunction::InitializeVTablePointer(const VPtr &Vptr) { 2481 // Compute the address point. 2482 llvm::Value *VTableAddressPoint = 2483 CGM.getCXXABI().getVTableAddressPointInStructor( 2484 *this, Vptr.VTableClass, Vptr.Base, Vptr.NearestVBase); 2485 2486 if (!VTableAddressPoint) 2487 return; 2488 2489 // Compute where to store the address point. 2490 llvm::Value *VirtualOffset = nullptr; 2491 CharUnits NonVirtualOffset = CharUnits::Zero(); 2492 2493 if (CGM.getCXXABI().isVirtualOffsetNeededForVTableField(*this, Vptr)) { 2494 // We need to use the virtual base offset offset because the virtual base 2495 // might have a different offset in the most derived class. 2496 2497 VirtualOffset = CGM.getCXXABI().GetVirtualBaseClassOffset( 2498 *this, LoadCXXThisAddress(), Vptr.VTableClass, Vptr.NearestVBase); 2499 NonVirtualOffset = Vptr.OffsetFromNearestVBase; 2500 } else { 2501 // We can just use the base offset in the complete class. 2502 NonVirtualOffset = Vptr.Base.getBaseOffset(); 2503 } 2504 2505 // Apply the offsets. 2506 Address VTableField = LoadCXXThisAddress(); 2507 2508 if (!NonVirtualOffset.isZero() || VirtualOffset) 2509 VTableField = ApplyNonVirtualAndVirtualOffset( 2510 *this, VTableField, NonVirtualOffset, VirtualOffset, Vptr.VTableClass, 2511 Vptr.NearestVBase); 2512 2513 // Finally, store the address point. Use the same LLVM types as the field to 2514 // support optimization. 2515 unsigned GlobalsAS = CGM.getDataLayout().getDefaultGlobalsAddressSpace(); 2516 unsigned ProgAS = CGM.getDataLayout().getProgramAddressSpace(); 2517 llvm::Type *VTablePtrTy = 2518 llvm::FunctionType::get(CGM.Int32Ty, /*isVarArg=*/true) 2519 ->getPointerTo(ProgAS) 2520 ->getPointerTo(GlobalsAS); 2521 VTableField = Builder.CreatePointerBitCastOrAddrSpaceCast( 2522 VTableField, VTablePtrTy->getPointerTo(GlobalsAS)); 2523 VTableAddressPoint = Builder.CreatePointerBitCastOrAddrSpaceCast( 2524 VTableAddressPoint, VTablePtrTy); 2525 2526 llvm::StoreInst *Store = Builder.CreateStore(VTableAddressPoint, VTableField); 2527 TBAAAccessInfo TBAAInfo = CGM.getTBAAVTablePtrAccessInfo(VTablePtrTy); 2528 CGM.DecorateInstructionWithTBAA(Store, TBAAInfo); 2529 if (CGM.getCodeGenOpts().OptimizationLevel > 0 && 2530 CGM.getCodeGenOpts().StrictVTablePointers) 2531 CGM.DecorateInstructionWithInvariantGroup(Store, Vptr.VTableClass); 2532 } 2533 2534 CodeGenFunction::VPtrsVector 2535 CodeGenFunction::getVTablePointers(const CXXRecordDecl *VTableClass) { 2536 CodeGenFunction::VPtrsVector VPtrsResult; 2537 VisitedVirtualBasesSetTy VBases; 2538 getVTablePointers(BaseSubobject(VTableClass, CharUnits::Zero()), 2539 /*NearestVBase=*/nullptr, 2540 /*OffsetFromNearestVBase=*/CharUnits::Zero(), 2541 /*BaseIsNonVirtualPrimaryBase=*/false, VTableClass, VBases, 2542 VPtrsResult); 2543 return VPtrsResult; 2544 } 2545 2546 void CodeGenFunction::getVTablePointers(BaseSubobject Base, 2547 const CXXRecordDecl *NearestVBase, 2548 CharUnits OffsetFromNearestVBase, 2549 bool BaseIsNonVirtualPrimaryBase, 2550 const CXXRecordDecl *VTableClass, 2551 VisitedVirtualBasesSetTy &VBases, 2552 VPtrsVector &Vptrs) { 2553 // If this base is a non-virtual primary base the address point has already 2554 // been set. 2555 if (!BaseIsNonVirtualPrimaryBase) { 2556 // Initialize the vtable pointer for this base. 2557 VPtr Vptr = {Base, NearestVBase, OffsetFromNearestVBase, VTableClass}; 2558 Vptrs.push_back(Vptr); 2559 } 2560 2561 const CXXRecordDecl *RD = Base.getBase(); 2562 2563 // Traverse bases. 2564 for (const auto &I : RD->bases()) { 2565 auto *BaseDecl = 2566 cast<CXXRecordDecl>(I.getType()->castAs<RecordType>()->getDecl()); 2567 2568 // Ignore classes without a vtable. 2569 if (!BaseDecl->isDynamicClass()) 2570 continue; 2571 2572 CharUnits BaseOffset; 2573 CharUnits BaseOffsetFromNearestVBase; 2574 bool BaseDeclIsNonVirtualPrimaryBase; 2575 2576 if (I.isVirtual()) { 2577 // Check if we've visited this virtual base before. 2578 if (!VBases.insert(BaseDecl).second) 2579 continue; 2580 2581 const ASTRecordLayout &Layout = 2582 getContext().getASTRecordLayout(VTableClass); 2583 2584 BaseOffset = Layout.getVBaseClassOffset(BaseDecl); 2585 BaseOffsetFromNearestVBase = CharUnits::Zero(); 2586 BaseDeclIsNonVirtualPrimaryBase = false; 2587 } else { 2588 const ASTRecordLayout &Layout = getContext().getASTRecordLayout(RD); 2589 2590 BaseOffset = Base.getBaseOffset() + Layout.getBaseClassOffset(BaseDecl); 2591 BaseOffsetFromNearestVBase = 2592 OffsetFromNearestVBase + Layout.getBaseClassOffset(BaseDecl); 2593 BaseDeclIsNonVirtualPrimaryBase = Layout.getPrimaryBase() == BaseDecl; 2594 } 2595 2596 getVTablePointers( 2597 BaseSubobject(BaseDecl, BaseOffset), 2598 I.isVirtual() ? BaseDecl : NearestVBase, BaseOffsetFromNearestVBase, 2599 BaseDeclIsNonVirtualPrimaryBase, VTableClass, VBases, Vptrs); 2600 } 2601 } 2602 2603 void CodeGenFunction::InitializeVTablePointers(const CXXRecordDecl *RD) { 2604 // Ignore classes without a vtable. 2605 if (!RD->isDynamicClass()) 2606 return; 2607 2608 // Initialize the vtable pointers for this class and all of its bases. 2609 if (CGM.getCXXABI().doStructorsInitializeVPtrs(RD)) 2610 for (const VPtr &Vptr : getVTablePointers(RD)) 2611 InitializeVTablePointer(Vptr); 2612 2613 if (RD->getNumVBases()) 2614 CGM.getCXXABI().initializeHiddenVirtualInheritanceMembers(*this, RD); 2615 } 2616 2617 llvm::Value *CodeGenFunction::GetVTablePtr(Address This, 2618 llvm::Type *VTableTy, 2619 const CXXRecordDecl *RD) { 2620 Address VTablePtrSrc = Builder.CreateElementBitCast(This, VTableTy); 2621 llvm::Instruction *VTable = Builder.CreateLoad(VTablePtrSrc, "vtable"); 2622 TBAAAccessInfo TBAAInfo = CGM.getTBAAVTablePtrAccessInfo(VTableTy); 2623 CGM.DecorateInstructionWithTBAA(VTable, TBAAInfo); 2624 2625 if (CGM.getCodeGenOpts().OptimizationLevel > 0 && 2626 CGM.getCodeGenOpts().StrictVTablePointers) 2627 CGM.DecorateInstructionWithInvariantGroup(VTable, RD); 2628 2629 return VTable; 2630 } 2631 2632 // If a class has a single non-virtual base and does not introduce or override 2633 // virtual member functions or fields, it will have the same layout as its base. 2634 // This function returns the least derived such class. 2635 // 2636 // Casting an instance of a base class to such a derived class is technically 2637 // undefined behavior, but it is a relatively common hack for introducing member 2638 // functions on class instances with specific properties (e.g. llvm::Operator) 2639 // that works under most compilers and should not have security implications, so 2640 // we allow it by default. It can be disabled with -fsanitize=cfi-cast-strict. 2641 static const CXXRecordDecl * 2642 LeastDerivedClassWithSameLayout(const CXXRecordDecl *RD) { 2643 if (!RD->field_empty()) 2644 return RD; 2645 2646 if (RD->getNumVBases() != 0) 2647 return RD; 2648 2649 if (RD->getNumBases() != 1) 2650 return RD; 2651 2652 for (const CXXMethodDecl *MD : RD->methods()) { 2653 if (MD->isVirtual()) { 2654 // Virtual member functions are only ok if they are implicit destructors 2655 // because the implicit destructor will have the same semantics as the 2656 // base class's destructor if no fields are added. 2657 if (isa<CXXDestructorDecl>(MD) && MD->isImplicit()) 2658 continue; 2659 return RD; 2660 } 2661 } 2662 2663 return LeastDerivedClassWithSameLayout( 2664 RD->bases_begin()->getType()->getAsCXXRecordDecl()); 2665 } 2666 2667 void CodeGenFunction::EmitTypeMetadataCodeForVCall(const CXXRecordDecl *RD, 2668 llvm::Value *VTable, 2669 SourceLocation Loc) { 2670 if (SanOpts.has(SanitizerKind::CFIVCall)) 2671 EmitVTablePtrCheckForCall(RD, VTable, CodeGenFunction::CFITCK_VCall, Loc); 2672 else if (CGM.getCodeGenOpts().WholeProgramVTables && 2673 // Don't insert type test assumes if we are forcing public std 2674 // visibility. 2675 !CGM.HasLTOVisibilityPublicStd(RD)) { 2676 llvm::Metadata *MD = 2677 CGM.CreateMetadataIdentifierForType(QualType(RD->getTypeForDecl(), 0)); 2678 llvm::Value *TypeId = 2679 llvm::MetadataAsValue::get(CGM.getLLVMContext(), MD); 2680 2681 llvm::Value *CastedVTable = Builder.CreateBitCast(VTable, Int8PtrTy); 2682 llvm::Value *TypeTest = 2683 Builder.CreateCall(CGM.getIntrinsic(llvm::Intrinsic::type_test), 2684 {CastedVTable, TypeId}); 2685 Builder.CreateCall(CGM.getIntrinsic(llvm::Intrinsic::assume), TypeTest); 2686 } 2687 } 2688 2689 void CodeGenFunction::EmitVTablePtrCheckForCall(const CXXRecordDecl *RD, 2690 llvm::Value *VTable, 2691 CFITypeCheckKind TCK, 2692 SourceLocation Loc) { 2693 if (!SanOpts.has(SanitizerKind::CFICastStrict)) 2694 RD = LeastDerivedClassWithSameLayout(RD); 2695 2696 EmitVTablePtrCheck(RD, VTable, TCK, Loc); 2697 } 2698 2699 void CodeGenFunction::EmitVTablePtrCheckForCast(QualType T, 2700 llvm::Value *Derived, 2701 bool MayBeNull, 2702 CFITypeCheckKind TCK, 2703 SourceLocation Loc) { 2704 if (!getLangOpts().CPlusPlus) 2705 return; 2706 2707 auto *ClassTy = T->getAs<RecordType>(); 2708 if (!ClassTy) 2709 return; 2710 2711 const CXXRecordDecl *ClassDecl = cast<CXXRecordDecl>(ClassTy->getDecl()); 2712 2713 if (!ClassDecl->isCompleteDefinition() || !ClassDecl->isDynamicClass()) 2714 return; 2715 2716 if (!SanOpts.has(SanitizerKind::CFICastStrict)) 2717 ClassDecl = LeastDerivedClassWithSameLayout(ClassDecl); 2718 2719 llvm::BasicBlock *ContBlock = nullptr; 2720 2721 if (MayBeNull) { 2722 llvm::Value *DerivedNotNull = 2723 Builder.CreateIsNotNull(Derived, "cast.nonnull"); 2724 2725 llvm::BasicBlock *CheckBlock = createBasicBlock("cast.check"); 2726 ContBlock = createBasicBlock("cast.cont"); 2727 2728 Builder.CreateCondBr(DerivedNotNull, CheckBlock, ContBlock); 2729 2730 EmitBlock(CheckBlock); 2731 } 2732 2733 llvm::Value *VTable; 2734 std::tie(VTable, ClassDecl) = CGM.getCXXABI().LoadVTablePtr( 2735 *this, Address(Derived, getPointerAlign()), ClassDecl); 2736 2737 EmitVTablePtrCheck(ClassDecl, VTable, TCK, Loc); 2738 2739 if (MayBeNull) { 2740 Builder.CreateBr(ContBlock); 2741 EmitBlock(ContBlock); 2742 } 2743 } 2744 2745 void CodeGenFunction::EmitVTablePtrCheck(const CXXRecordDecl *RD, 2746 llvm::Value *VTable, 2747 CFITypeCheckKind TCK, 2748 SourceLocation Loc) { 2749 if (!CGM.getCodeGenOpts().SanitizeCfiCrossDso && 2750 !CGM.HasHiddenLTOVisibility(RD)) 2751 return; 2752 2753 SanitizerMask M; 2754 llvm::SanitizerStatKind SSK; 2755 switch (TCK) { 2756 case CFITCK_VCall: 2757 M = SanitizerKind::CFIVCall; 2758 SSK = llvm::SanStat_CFI_VCall; 2759 break; 2760 case CFITCK_NVCall: 2761 M = SanitizerKind::CFINVCall; 2762 SSK = llvm::SanStat_CFI_NVCall; 2763 break; 2764 case CFITCK_DerivedCast: 2765 M = SanitizerKind::CFIDerivedCast; 2766 SSK = llvm::SanStat_CFI_DerivedCast; 2767 break; 2768 case CFITCK_UnrelatedCast: 2769 M = SanitizerKind::CFIUnrelatedCast; 2770 SSK = llvm::SanStat_CFI_UnrelatedCast; 2771 break; 2772 case CFITCK_ICall: 2773 case CFITCK_NVMFCall: 2774 case CFITCK_VMFCall: 2775 llvm_unreachable("unexpected sanitizer kind"); 2776 } 2777 2778 std::string TypeName = RD->getQualifiedNameAsString(); 2779 if (getContext().getNoSanitizeList().containsType(M, TypeName)) 2780 return; 2781 2782 SanitizerScope SanScope(this); 2783 EmitSanitizerStatReport(SSK); 2784 2785 llvm::Metadata *MD = 2786 CGM.CreateMetadataIdentifierForType(QualType(RD->getTypeForDecl(), 0)); 2787 llvm::Value *TypeId = llvm::MetadataAsValue::get(getLLVMContext(), MD); 2788 2789 llvm::Value *CastedVTable = Builder.CreateBitCast(VTable, Int8PtrTy); 2790 llvm::Value *TypeTest = Builder.CreateCall( 2791 CGM.getIntrinsic(llvm::Intrinsic::type_test), {CastedVTable, TypeId}); 2792 2793 llvm::Constant *StaticData[] = { 2794 llvm::ConstantInt::get(Int8Ty, TCK), 2795 EmitCheckSourceLocation(Loc), 2796 EmitCheckTypeDescriptor(QualType(RD->getTypeForDecl(), 0)), 2797 }; 2798 2799 auto CrossDsoTypeId = CGM.CreateCrossDsoCfiTypeId(MD); 2800 if (CGM.getCodeGenOpts().SanitizeCfiCrossDso && CrossDsoTypeId) { 2801 EmitCfiSlowPathCheck(M, TypeTest, CrossDsoTypeId, CastedVTable, StaticData); 2802 return; 2803 } 2804 2805 if (CGM.getCodeGenOpts().SanitizeTrap.has(M)) { 2806 EmitTrapCheck(TypeTest, SanitizerHandler::CFICheckFail); 2807 return; 2808 } 2809 2810 llvm::Value *AllVtables = llvm::MetadataAsValue::get( 2811 CGM.getLLVMContext(), 2812 llvm::MDString::get(CGM.getLLVMContext(), "all-vtables")); 2813 llvm::Value *ValidVtable = Builder.CreateCall( 2814 CGM.getIntrinsic(llvm::Intrinsic::type_test), {CastedVTable, AllVtables}); 2815 EmitCheck(std::make_pair(TypeTest, M), SanitizerHandler::CFICheckFail, 2816 StaticData, {CastedVTable, ValidVtable}); 2817 } 2818 2819 bool CodeGenFunction::ShouldEmitVTableTypeCheckedLoad(const CXXRecordDecl *RD) { 2820 if (!CGM.getCodeGenOpts().WholeProgramVTables || 2821 !CGM.HasHiddenLTOVisibility(RD)) 2822 return false; 2823 2824 if (CGM.getCodeGenOpts().VirtualFunctionElimination) 2825 return true; 2826 2827 if (!SanOpts.has(SanitizerKind::CFIVCall) || 2828 !CGM.getCodeGenOpts().SanitizeTrap.has(SanitizerKind::CFIVCall)) 2829 return false; 2830 2831 std::string TypeName = RD->getQualifiedNameAsString(); 2832 return !getContext().getNoSanitizeList().containsType(SanitizerKind::CFIVCall, 2833 TypeName); 2834 } 2835 2836 llvm::Value *CodeGenFunction::EmitVTableTypeCheckedLoad( 2837 const CXXRecordDecl *RD, llvm::Value *VTable, uint64_t VTableByteOffset) { 2838 SanitizerScope SanScope(this); 2839 2840 EmitSanitizerStatReport(llvm::SanStat_CFI_VCall); 2841 2842 llvm::Metadata *MD = 2843 CGM.CreateMetadataIdentifierForType(QualType(RD->getTypeForDecl(), 0)); 2844 llvm::Value *TypeId = llvm::MetadataAsValue::get(CGM.getLLVMContext(), MD); 2845 2846 llvm::Value *CastedVTable = Builder.CreateBitCast(VTable, Int8PtrTy); 2847 llvm::Value *CheckedLoad = Builder.CreateCall( 2848 CGM.getIntrinsic(llvm::Intrinsic::type_checked_load), 2849 {CastedVTable, llvm::ConstantInt::get(Int32Ty, VTableByteOffset), 2850 TypeId}); 2851 llvm::Value *CheckResult = Builder.CreateExtractValue(CheckedLoad, 1); 2852 2853 std::string TypeName = RD->getQualifiedNameAsString(); 2854 if (SanOpts.has(SanitizerKind::CFIVCall) && 2855 !getContext().getNoSanitizeList().containsType(SanitizerKind::CFIVCall, 2856 TypeName)) { 2857 EmitCheck(std::make_pair(CheckResult, SanitizerKind::CFIVCall), 2858 SanitizerHandler::CFICheckFail, {}, {}); 2859 } 2860 2861 return Builder.CreateBitCast( 2862 Builder.CreateExtractValue(CheckedLoad, 0), 2863 cast<llvm::PointerType>(VTable->getType())->getElementType()); 2864 } 2865 2866 void CodeGenFunction::EmitForwardingCallToLambda( 2867 const CXXMethodDecl *callOperator, 2868 CallArgList &callArgs) { 2869 // Get the address of the call operator. 2870 const CGFunctionInfo &calleeFnInfo = 2871 CGM.getTypes().arrangeCXXMethodDeclaration(callOperator); 2872 llvm::Constant *calleePtr = 2873 CGM.GetAddrOfFunction(GlobalDecl(callOperator), 2874 CGM.getTypes().GetFunctionType(calleeFnInfo)); 2875 2876 // Prepare the return slot. 2877 const FunctionProtoType *FPT = 2878 callOperator->getType()->castAs<FunctionProtoType>(); 2879 QualType resultType = FPT->getReturnType(); 2880 ReturnValueSlot returnSlot; 2881 if (!resultType->isVoidType() && 2882 calleeFnInfo.getReturnInfo().getKind() == ABIArgInfo::Indirect && 2883 !hasScalarEvaluationKind(calleeFnInfo.getReturnType())) 2884 returnSlot = 2885 ReturnValueSlot(ReturnValue, resultType.isVolatileQualified(), 2886 /*IsUnused=*/false, /*IsExternallyDestructed=*/true); 2887 2888 // We don't need to separately arrange the call arguments because 2889 // the call can't be variadic anyway --- it's impossible to forward 2890 // variadic arguments. 2891 2892 // Now emit our call. 2893 auto callee = CGCallee::forDirect(calleePtr, GlobalDecl(callOperator)); 2894 RValue RV = EmitCall(calleeFnInfo, callee, returnSlot, callArgs); 2895 2896 // If necessary, copy the returned value into the slot. 2897 if (!resultType->isVoidType() && returnSlot.isNull()) { 2898 if (getLangOpts().ObjCAutoRefCount && resultType->isObjCRetainableType()) { 2899 RV = RValue::get(EmitARCRetainAutoreleasedReturnValue(RV.getScalarVal())); 2900 } 2901 EmitReturnOfRValue(RV, resultType); 2902 } else 2903 EmitBranchThroughCleanup(ReturnBlock); 2904 } 2905 2906 void CodeGenFunction::EmitLambdaBlockInvokeBody() { 2907 const BlockDecl *BD = BlockInfo->getBlockDecl(); 2908 const VarDecl *variable = BD->capture_begin()->getVariable(); 2909 const CXXRecordDecl *Lambda = variable->getType()->getAsCXXRecordDecl(); 2910 const CXXMethodDecl *CallOp = Lambda->getLambdaCallOperator(); 2911 2912 if (CallOp->isVariadic()) { 2913 // FIXME: Making this work correctly is nasty because it requires either 2914 // cloning the body of the call operator or making the call operator 2915 // forward. 2916 CGM.ErrorUnsupported(CurCodeDecl, "lambda conversion to variadic function"); 2917 return; 2918 } 2919 2920 // Start building arguments for forwarding call 2921 CallArgList CallArgs; 2922 2923 QualType ThisType = getContext().getPointerType(getContext().getRecordType(Lambda)); 2924 Address ThisPtr = GetAddrOfBlockDecl(variable); 2925 CallArgs.add(RValue::get(ThisPtr.getPointer()), ThisType); 2926 2927 // Add the rest of the parameters. 2928 for (auto param : BD->parameters()) 2929 EmitDelegateCallArg(CallArgs, param, param->getBeginLoc()); 2930 2931 assert(!Lambda->isGenericLambda() && 2932 "generic lambda interconversion to block not implemented"); 2933 EmitForwardingCallToLambda(CallOp, CallArgs); 2934 } 2935 2936 void CodeGenFunction::EmitLambdaDelegatingInvokeBody(const CXXMethodDecl *MD) { 2937 const CXXRecordDecl *Lambda = MD->getParent(); 2938 2939 // Start building arguments for forwarding call 2940 CallArgList CallArgs; 2941 2942 QualType ThisType = getContext().getPointerType(getContext().getRecordType(Lambda)); 2943 llvm::Value *ThisPtr = llvm::UndefValue::get(getTypes().ConvertType(ThisType)); 2944 CallArgs.add(RValue::get(ThisPtr), ThisType); 2945 2946 // Add the rest of the parameters. 2947 for (auto Param : MD->parameters()) 2948 EmitDelegateCallArg(CallArgs, Param, Param->getBeginLoc()); 2949 2950 const CXXMethodDecl *CallOp = Lambda->getLambdaCallOperator(); 2951 // For a generic lambda, find the corresponding call operator specialization 2952 // to which the call to the static-invoker shall be forwarded. 2953 if (Lambda->isGenericLambda()) { 2954 assert(MD->isFunctionTemplateSpecialization()); 2955 const TemplateArgumentList *TAL = MD->getTemplateSpecializationArgs(); 2956 FunctionTemplateDecl *CallOpTemplate = CallOp->getDescribedFunctionTemplate(); 2957 void *InsertPos = nullptr; 2958 FunctionDecl *CorrespondingCallOpSpecialization = 2959 CallOpTemplate->findSpecialization(TAL->asArray(), InsertPos); 2960 assert(CorrespondingCallOpSpecialization); 2961 CallOp = cast<CXXMethodDecl>(CorrespondingCallOpSpecialization); 2962 } 2963 EmitForwardingCallToLambda(CallOp, CallArgs); 2964 } 2965 2966 void CodeGenFunction::EmitLambdaStaticInvokeBody(const CXXMethodDecl *MD) { 2967 if (MD->isVariadic()) { 2968 // FIXME: Making this work correctly is nasty because it requires either 2969 // cloning the body of the call operator or making the call operator forward. 2970 CGM.ErrorUnsupported(MD, "lambda conversion to variadic function"); 2971 return; 2972 } 2973 2974 EmitLambdaDelegatingInvokeBody(MD); 2975 } 2976
Indexes created Tue Feb 24 08:35:24 UTC 2026