[clang] Add builtin_get_vtable_pointer and virtual_member_address

Author: ahmedbougacha

clang/docs/LanguageExtensions.rst

@@ -2741,6 +2741,40 @@ Query for this feature with ``__has_builtin(__builtin_readcyclecounter)``. Note
 that even if present, its use may depend on run-time privilege or other OS
 controlled state.
 
+
+``__builtin_get_vtable_pointer``
+------------------------------
+
+``__builtin_get_vtable_pointer`` loads and authenticates the primary vtable
+pointer from an instance of a polymorphic C++ class.
+
+**Syntax**:
+
+.. code-block:: c++
+
+  __builtin_get_vtable_pointer(PolymorphicClass*)
+
+**Example of Use**:
+
+.. code-block:: c++
+
+  struct PolymorphicClass {
+    virtual ~PolymorphicClass();
+  };
+
+  PolymorphicClass anInstance;
+  const void* vtablePointer = __builtin_get_vtable_pointer(&anInstance);
+
+**Description**:
+
+The ``__builtin_get_vtable_pointer`` builtin loads the primary vtable
+pointer from a polymorphic C++ type. If the target platform authenticates
+vtable pointers, this builtin will perform the authentication and produce
+the underlying raw pointer. The object being queried must be polymorphic,
+and so must also be a complete type.
+
+Query for this feature with ``__has_builtin(__builtin_get_vtable_pointer)``.
+
 ``__builtin_dump_struct``
 -------------------------
 

clang/include/clang/Basic/Builtins.def

@@ -631,6 +631,8 @@ BUILTIN(__builtin_thread_pointer, "v*", "nc")
 BUILTIN(__builtin_launder, "v*v*", "ntE")
 LANGBUILTIN(__builtin_is_constant_evaluated, "b", "nE", CXX_LANG)
 
+LANGBUILTIN(__builtin_get_vtable_pointer, "v*v*", "tnc", CXX_LANG)
+
 // GCC exception builtins
 BUILTIN(__builtin_eh_return, "vzv*", "r") // FIXME: Takes intptr_t, not size_t!
 BUILTIN(__builtin_frob_return_addr, "v*v*", "n")
@@ -1705,6 +1707,8 @@ BUILTIN(__builtin_ptrauth_auth_and_resign, "v*v*iv*iv*", "tn")
 BUILTIN(__builtin_ptrauth_auth, "v*v*iv*", "tn")
 BUILTIN(__builtin_ptrauth_string_discriminator, "zcC*", "ncE")
 
+BUILTIN(__builtin_virtual_member_address, "v*v*v*", "tnc")
+
 // OpenCL v2.0 s6.13.16, s9.17.3.5 - Pipe functions.
 // We need the generic prototype, since the packet type could be anything.
 LANGBUILTIN(read_pipe, "i.", "tn", OCL_PIPE)

clang/include/clang/Basic/DiagnosticSemaKinds.td

@@ -956,6 +956,13 @@ def err_ptrauth_extra_discriminator_invalid : Error<
   "extra discriminator for %select{__ptrauth|ptrauth_struct}2 must be between "
   "0 and %1; value is %0">;
 
+def err_virtual_member_lhs_cxxrec : Error<
+  "first argument to __builtin_virtual_member_address must have C++ class type">;
+def err_virtual_member_addrof : Error<
+  "second argument to __builtin_virtual_member_address must be the address of a virtual C++ member function: for example '&Foo::func'">;
+def err_virtual_member_inherit : Error<
+  "first argument to __builtin_virtual_member_address must have a type deriving from class where second argument was defined">;
+
 /// main()
 // static main() is not an error in C, just in C++.
 def warn_static_main : Warning<"'main' should not be declared static">,
@@ -11926,6 +11933,14 @@ def err_bit_cast_non_trivially_copyable : Error<
 def err_bit_cast_type_size_mismatch : Error<
   "__builtin_bit_cast source size does not equal destination size (%0 vs %1)">;
 
+
+def err_get_vtable_pointer_incorrect_type : Error<
+  "__builtin_get_vtable_pointer requires an argument of%select{| polymorphic}0 class pointer type"
+  ", but %1 %select{was provided|has no virtual methods}0"
+>;
+def err_get_vtable_pointer_requires_complete_type : Error<
+  "__builtin_get_vtable_pointer requires an argument with a complete type, but %0 is incomplete">;
+
 // SYCL-specific diagnostics
 def warn_sycl_kernel_num_of_template_params : Warning<
   "'sycl_kernel' attribute only applies to a function template with at least"

clang/lib/CodeGen/CGBuiltin.cpp

@@ -4969,6 +4969,38 @@ RValue CodeGenFunction::EmitBuiltinExpr(const GlobalDecl GD, unsigned BuiltinID,
     return RValue::get(result);
   }
 
+  case Builtin::BI__builtin_virtual_member_address: {
+    Address This = EmitLValue(E->getArg(0)).getAddress();
+    APValue ConstMemFun;
+    E->getArg(1)->isCXX11ConstantExpr(getContext(), &ConstMemFun, nullptr);
+    auto CXXMethod = cast<CXXMethodDecl>(ConstMemFun.getMemberPointerDecl());
+    const CGFunctionInfo &FInfo =
+        CGM.getTypes().arrangeCXXMethodDeclaration(CXXMethod);
+    auto Ty = CGM.getTypes().GetFunctionType(FInfo);
+    CGCallee VCallee = CGCallee::forVirtual(nullptr, CXXMethod, This, Ty);
+    auto Callee = VCallee.prepareConcreteCallee(*this).getFunctionPointer();
+    if (CGM.getCodeGenOpts().PointerAuth.FunctionPointers) {
+      auto Strip = CGM.getIntrinsic(llvm::Intrinsic::ptrauth_strip);
+      Callee =
+          EmitRuntimeCall(Strip, {Builder.CreatePtrToInt(Callee, IntPtrTy),
+                                  llvm::ConstantInt::get(IntTy, 0)});
+    }
+    Callee = Builder.CreateBitOrPointerCast(Callee, Int8PtrTy);
+    return RValue::get(Callee);
+  }
+
+  case Builtin::BI__builtin_get_vtable_pointer: {
+    auto target = E->getArg(0);
+    auto type = target->getType();
+    auto decl = type->getPointeeCXXRecordDecl();
+    assert(decl);
+    auto thisAddress = EmitPointerWithAlignment(target);
+    assert(thisAddress.isValid());
+    auto vtablePointer =
+        GetVTablePtr(thisAddress, Int8PtrTy, decl, VTableAuthMode::MustTrap);
+    return RValue::get(vtablePointer);
+  }
+
   case Builtin::BI__exception_code:
   case Builtin::BI_exception_code:
     return RValue::get(EmitSEHExceptionCode());

clang/lib/Sema/SemaChecking.cpp

@@ -2238,6 +2238,57 @@ static ExprResult SemaPointerAuthAuthAndResign(Sema &S, CallExpr *Call) {
   return Call;
 }
 
+static ExprResult SemaVirtualMemberAddress(Sema &S, CallExpr *Call) {
+  if (checkArgCount(S, Call, 2)) return ExprError();
+
+  for (int i = 0; i < 2; ++i) {
+    auto ArgRValue = S.DefaultFunctionArrayLvalueConversion(Call->getArg(1));
+    if (ArgRValue.isInvalid())
+      return ExprError();
+
+    auto Arg = ArgRValue.get();
+    Call->setArg(1, Arg);
+  }
+
+  if (Call->getArg(0)->isTypeDependent() || Call->getArg(1)->isValueDependent())
+    return Call;
+
+  auto ThisArg = Call->getArg(0);
+  auto ThisTy = ThisArg->getType();
+  if (!ThisTy->getAsCXXRecordDecl()) {
+    S.Diag(ThisArg->getExprLoc(), diag::err_virtual_member_lhs_cxxrec);
+    return ExprError();
+  }
+
+  auto MemFunArg = Call->getArg(1);
+  APValue Result;
+  if (!MemFunArg->isCXX11ConstantExpr(S.getASTContext(), &Result, nullptr)) {
+    S.Diag(MemFunArg->getExprLoc(), diag::err_virtual_member_addrof);
+    return ExprError();
+  }
+
+  if (!Result.isMemberPointer() ||
+      !isa<CXXMethodDecl>(Result.getMemberPointerDecl())) {
+    S.Diag(MemFunArg->getExprLoc(), diag::err_virtual_member_addrof);
+    return ExprError();
+  }
+
+  auto CXXMethod = cast<CXXMethodDecl>(Result.getMemberPointerDecl());
+  if (!CXXMethod->isVirtual()) {
+    S.Diag(MemFunArg->getExprLoc(), diag::err_virtual_member_addrof);
+    return ExprError();
+  }
+
+  if (ThisTy->getAsCXXRecordDecl() != CXXMethod->getParent() &&
+      !S.IsDerivedFrom(Call->getBeginLoc(), ThisTy,
+                       CXXMethod->getThisObjectType())) {
+    S.Diag(ThisArg->getExprLoc(), diag::err_virtual_member_inherit);
+    return ExprError();
+  }
+  return Call;
+}
+
+
 static ExprResult SemaPointerAuthStringDiscriminator(Sema &S, CallExpr *call) {
   if (checkPointerAuthEnabled(S, call)) return ExprError();
 
@@ -2256,6 +2307,39 @@ static ExprResult SemaPointerAuthStringDiscriminator(Sema &S, CallExpr *call) {
   return call;
 }
 
+static ExprResult SemaGetVTablePointer(Sema &S, CallExpr *call) {
+  if (checkArgCount(S, call, 1))
+    return ExprError();
+  auto rvalue = S.DefaultFunctionArrayLvalueConversion(call->getArg(0));
+  if (rvalue.isInvalid())
+    return ExprError();
+  call->setArg(0, rvalue.get());
+  auto expression = call->getArg(0);
+  QualType expressionType = expression->getType();
+  const CXXRecordDecl *objectType = expressionType->getPointeeCXXRecordDecl();
+  if (!expressionType->isPointerType() || !objectType) {
+    S.Diag(expression->getBeginLoc(),
+           diag::err_get_vtable_pointer_incorrect_type)
+        << 0 << expressionType;
+    return ExprError();
+  }
+  if (S.RequireCompleteType(
+          expression->getBeginLoc(), expressionType->getPointeeType(),
+          diag::err_get_vtable_pointer_requires_complete_type)) {
+    return ExprError();
+  }
+
+  if (!objectType->isPolymorphic()) {
+    S.Diag(expression->getBeginLoc(),
+           diag::err_get_vtable_pointer_incorrect_type)
+        << 1 << objectType;
+    return ExprError();
+  }
+  QualType returnType = S.Context.getPointerType(S.Context.VoidTy.withConst());
+  call->setType(returnType);
+  return call;
+}
+
 static ExprResult SemaBuiltinLaunder(Sema &S, CallExpr *TheCall) {
   if (checkArgCount(S, TheCall, 1))
     return ExprError();
@@ -2893,12 +2977,16 @@ Sema::CheckBuiltinFunctionCall(FunctionDecl *FDecl, unsigned BuiltinID,
   case Builtin::BI__builtin_ptrauth_auth:
     return SemaPointerAuthSignOrAuth(*this, TheCall, PAO_Auth,
                                      /*constant*/ false);
+  case Builtin::BI__builtin_get_vtable_pointer:
+    return SemaGetVTablePointer(*this, TheCall);
   case Builtin::BI__builtin_ptrauth_sign_generic_data:
     return SemaPointerAuthSignGenericData(*this, TheCall);
   case Builtin::BI__builtin_ptrauth_auth_and_resign:
     return SemaPointerAuthAuthAndResign(*this, TheCall);
   case Builtin::BI__builtin_ptrauth_string_discriminator:
     return SemaPointerAuthStringDiscriminator(*this, TheCall);
+  case Builtin::BI__builtin_virtual_member_address:
+    return SemaVirtualMemberAddress(*this, TheCall);
   // OpenCL v2.0, s6.13.16 - Pipe functions
   case Builtin::BIread_pipe:
   case Builtin::BIwrite_pipe: