[clang] Sign the destructor pointer passed to __cxa_throw.

Author: ahmedbougacha

clang/lib/CodeGen/ItaniumCXXABI.cpp

@@ -1472,8 +1472,16 @@ void ItaniumCXXABI::emitThrow(CodeGenFunction &CGF, const CXXThrowExpr *E) {
   if (const RecordType *RecordTy = ThrowType->getAs<RecordType>()) {
     CXXRecordDecl *Record = cast<CXXRecordDecl>(RecordTy->getDecl());
     if (!Record->hasTrivialDestructor()) {
+      // __cxa_throw is declared to take its destructor as void (*)(void *). We
+      // must match that if function pointers can be authenticated with a
+      // discriminator based on their type.
+      ASTContext &Ctx = getContext();
+      QualType DtorTy = Ctx.getFunctionType(Ctx.VoidTy, {Ctx.VoidPtrTy},
+                                            FunctionProtoType::ExtProtoInfo());
+
       CXXDestructorDecl *DtorD = Record->getDestructor();
       Dtor = CGM.getAddrOfCXXStructor(GlobalDecl(DtorD, Dtor_Complete));
+      Dtor = CGM.getFunctionPointer(Dtor, DtorTy);
       Dtor = llvm::ConstantExpr::getBitCast(Dtor, CGM.Int8PtrTy);
     }
   }

clang/test/CodeGenCXX/ptrauth-throw.cpp

@@ -0,0 +1,23 @@
+// RUN: %clang_cc1 -fptrauth-function-pointer-type-discrimination -triple arm64-apple-ios -fptrauth-calls -fcxx-exceptions -emit-llvm -no-enable-noundef-analysis %s -o - | FileCheck %s
+
+class Foo {
+ public:
+  ~Foo() {
+  }
+};
+
+void f() {
+  throw Foo();
+}
+
+// __cxa_throw is defined to take its destructor as "void (*)(void *)" in the ABI.
+void __cxa_throw(void *exception, void *, void (*dtor)(void *)) {
+  dtor(exception);
+}
+
+// CHECK: @_ZN3FooD1Ev.ptrauth = private constant { ptr, i32, i64, i64 } { ptr @_ZN3FooD1Ev, i32 0, i64 0, i64 [[DISC:[0-9]+]] }, section "llvm.ptrauth", align 8
+
+// CHECK: define void @_Z1fv()
+// CHECK:  call void @__cxa_throw(ptr %{{.*}}, ptr @_ZTI3Foo, ptr @_ZN3FooD1Ev.ptrauth)
+
+// CHECK: call void {{%.*}}(ptr {{%.*}}) [ "ptrauth"(i32 0, i64 [[DISC]]) ]