[clang] Add builtin_get_vtable_pointer and virtual_member_address

Author: ahmedbougacha

clang/docs/LanguageExtensions.rst

@@ -3031,6 +3031,39 @@ following way:
 
 Query for this feature with ``__has_builtin(__builtin_offsetof)``.
 
+``__builtin_get_vtable_pointer``
+--------------------------------
+
+``__builtin_get_vtable_pointer`` loads and authenticates the primary vtable
+pointer from an instance of a polymorphic C++ class.
+
+**Syntax**:
+
+.. code-block:: c++
+
+  __builtin_get_vtable_pointer(PolymorphicClass*)
+
+**Example of Use**:
+
+.. code-block:: c++
+
+  struct PolymorphicClass {
+    virtual ~PolymorphicClass();
+  };
+
+  PolymorphicClass anInstance;
+  const void* vtablePointer = __builtin_get_vtable_pointer(&anInstance);
+
+**Description**:
+
+The ``__builtin_get_vtable_pointer`` builtin loads the primary vtable
+pointer from a polymorphic C++ type. If the target platform authenticates
+vtable pointers, this builtin will perform the authentication and produce
+the underlying raw pointer. The object being queried must be polymorphic,
+and so must also be a complete type.
+
+Query for this feature with ``__has_builtin(__builtin_get_vtable_pointer)``.
+
 ``__builtin_call_with_static_chain``
 ------------------------------------
 

clang/include/clang/Basic/Builtins.td

@@ -970,6 +970,18 @@ def IsWithinLifetime : LangBuiltin<"CXX_LANG"> {
   let Prototype = "bool(void*)";
 }
 
+def GetVtablePointer : LangBuiltin<"CXX_LANG"> {
+  let Spellings = ["__builtin_get_vtable_pointer"];
+  let Attributes = [CustomTypeChecking, NoThrow, Const];
+  let Prototype = "void*(void*)";
+}
+
+def VirtualMemberAddress : Builtin {
+  let Spellings = ["__builtin_virtual_member_address"];
+  let Attributes = [CustomTypeChecking, NoThrow, Const];
+  let Prototype = "void*(void*,void*)";
+}
+
 // GCC exception builtins
 def EHReturn : Builtin {
   let Spellings = ["__builtin_eh_return"];

clang/include/clang/Basic/DiagnosticSemaKinds.td

@@ -1068,6 +1068,13 @@ def err_ptrauth_invalid_struct_attr_dynamic_class : Error<
   "attribute ptrauth_struct cannot be used on class %0 or its subclasses "
   "because it is a dynamic class">;
 
+def err_virtual_member_lhs_cxxrec : Error<
+  "first argument to __builtin_virtual_member_address must have C++ class type">;
+def err_virtual_member_addrof : Error<
+  "second argument to __builtin_virtual_member_address must be the address of a virtual C++ member function: for example '&Foo::func'">;
+def err_virtual_member_inherit : Error<
+  "first argument to __builtin_virtual_member_address must have a type deriving from class where second argument was defined">;
+
 /// main()
 // static main() is not an error in C, just in C++.
 def warn_static_main : Warning<"'main' should not be declared static">,
@@ -12594,6 +12601,14 @@ def err_bit_cast_non_trivially_copyable : Error<
 def err_bit_cast_type_size_mismatch : Error<
   "size of '__builtin_bit_cast' source type %0 does not match destination type %1 (%2 vs %3 bytes)">;
 
+
+def err_get_vtable_pointer_incorrect_type : Error<
+  "__builtin_get_vtable_pointer requires an argument of%select{| polymorphic}0 class pointer type"
+  ", but %1 %select{was provided|has no virtual methods}0"
+>;
+def err_get_vtable_pointer_requires_complete_type : Error<
+  "__builtin_get_vtable_pointer requires an argument with a complete type, but %0 is incomplete">;
+
 // SYCL-specific diagnostics
 def warn_sycl_kernel_num_of_template_params : Warning<
   "'sycl_kernel' attribute only applies to a function template with at least"

clang/lib/CodeGen/CGBuiltin.cpp

@@ -5347,6 +5347,38 @@ RValue CodeGenFunction::EmitBuiltinExpr(const GlobalDecl GD, unsigned BuiltinID,
     return RValue::get(Result);
   }
 
+  case Builtin::BI__builtin_virtual_member_address: {
+    Address This = EmitLValue(E->getArg(0)).getAddress();
+    APValue ConstMemFun;
+    E->getArg(1)->isCXX11ConstantExpr(getContext(), &ConstMemFun, nullptr);
+    auto CXXMethod = cast<CXXMethodDecl>(ConstMemFun.getMemberPointerDecl());
+    const CGFunctionInfo &FInfo =
+        CGM.getTypes().arrangeCXXMethodDeclaration(CXXMethod);
+    auto Ty = CGM.getTypes().GetFunctionType(FInfo);
+    CGCallee VCallee = CGCallee::forVirtual(nullptr, CXXMethod, This, Ty);
+    auto Callee = VCallee.prepareConcreteCallee(*this).getFunctionPointer();
+    if (CGM.getCodeGenOpts().PointerAuth.FunctionPointers) {
+      auto Strip = CGM.getIntrinsic(llvm::Intrinsic::ptrauth_strip);
+      Callee =
+          EmitRuntimeCall(Strip, {Builder.CreatePtrToInt(Callee, IntPtrTy),
+                                  llvm::ConstantInt::get(IntTy, 0)});
+    }
+    Callee = Builder.CreateBitOrPointerCast(Callee, Int8PtrTy);
+    return RValue::get(Callee);
+  }
+
+  case Builtin::BI__builtin_get_vtable_pointer: {
+    auto target = E->getArg(0);
+    auto type = target->getType();
+    auto decl = type->getPointeeCXXRecordDecl();
+    assert(decl);
+    auto thisAddress = EmitPointerWithAlignment(target);
+    assert(thisAddress.isValid());
+    auto vtablePointer =
+        GetVTablePtr(thisAddress, Int8PtrTy, decl, VTableAuthMode::MustTrap);
+    return RValue::get(vtablePointer);
+  }
+
   case Builtin::BI__exception_code:
   case Builtin::BI_exception_code:
     return RValue::get(EmitSEHExceptionCode());

clang/lib/Sema/SemaChecking.cpp

@@ -1815,6 +1815,57 @@ static ExprResult PointerAuthAuthAndResign(Sema &S, CallExpr *Call) {
   return Call;
 }
 
+static ExprResult VirtualMemberAddress(Sema &S, CallExpr *Call) {
+  if (S.checkArgCount(Call, 2)) return ExprError();
+
+  for (int i = 0; i < 2; ++i) {
+    auto ArgRValue = S.DefaultFunctionArrayLvalueConversion(Call->getArg(1));
+    if (ArgRValue.isInvalid())
+      return ExprError();
+
+    auto Arg = ArgRValue.get();
+    Call->setArg(1, Arg);
+  }
+
+  if (Call->getArg(0)->isTypeDependent() || Call->getArg(1)->isValueDependent())
+    return Call;
+
+  auto ThisArg = Call->getArg(0);
+  auto ThisTy = ThisArg->getType();
+  if (!ThisTy->getAsCXXRecordDecl()) {
+    S.Diag(ThisArg->getExprLoc(), diag::err_virtual_member_lhs_cxxrec);
+    return ExprError();
+  }
+
+  auto MemFunArg = Call->getArg(1);
+  APValue Result;
+  if (!MemFunArg->isCXX11ConstantExpr(S.getASTContext(), &Result, nullptr)) {
+    S.Diag(MemFunArg->getExprLoc(), diag::err_virtual_member_addrof);
+    return ExprError();
+  }
+
+  if (!Result.isMemberPointer() ||
+      !isa<CXXMethodDecl>(Result.getMemberPointerDecl())) {
+    S.Diag(MemFunArg->getExprLoc(), diag::err_virtual_member_addrof);
+    return ExprError();
+  }
+
+  auto CXXMethod = cast<CXXMethodDecl>(Result.getMemberPointerDecl());
+  if (!CXXMethod->isVirtual()) {
+    S.Diag(MemFunArg->getExprLoc(), diag::err_virtual_member_addrof);
+    return ExprError();
+  }
+
+  if (ThisTy->getAsCXXRecordDecl() != CXXMethod->getParent() &&
+      !S.IsDerivedFrom(Call->getBeginLoc(), ThisTy,
+                       CXXMethod->getFunctionObjectParameterType())) {
+    S.Diag(ThisArg->getExprLoc(), diag::err_virtual_member_inherit);
+    return ExprError();
+  }
+  return Call;
+}
+
+
 static ExprResult PointerAuthStringDiscriminator(Sema &S, CallExpr *Call) {
   if (checkPointerAuthEnabled(S, Call))
     return ExprError();
@@ -1833,6 +1884,39 @@ static ExprResult PointerAuthStringDiscriminator(Sema &S, CallExpr *Call) {
   return Call;
 }
 
+static ExprResult GetVTablePointer(Sema &S, CallExpr *call) {
+  if (S.checkArgCount(call, 1))
+    return ExprError();
+  auto rvalue = S.DefaultFunctionArrayLvalueConversion(call->getArg(0));
+  if (rvalue.isInvalid())
+    return ExprError();
+  call->setArg(0, rvalue.get());
+  auto expression = call->getArg(0);
+  QualType expressionType = expression->getType();
+  const CXXRecordDecl *objectType = expressionType->getPointeeCXXRecordDecl();
+  if (!expressionType->isPointerType() || !objectType) {
+    S.Diag(expression->getBeginLoc(),
+           diag::err_get_vtable_pointer_incorrect_type)
+        << 0 << expressionType;
+    return ExprError();
+  }
+  if (S.RequireCompleteType(
+          expression->getBeginLoc(), expressionType->getPointeeType(),
+          diag::err_get_vtable_pointer_requires_complete_type)) {
+    return ExprError();
+  }
+
+  if (!objectType->isPolymorphic()) {
+    S.Diag(expression->getBeginLoc(),
+           diag::err_get_vtable_pointer_incorrect_type)
+        << 1 << objectType;
+    return ExprError();
+  }
+  QualType returnType = S.Context.getPointerType(S.Context.VoidTy.withConst());
+  call->setType(returnType);
+  return call;
+}
+
 static ExprResult BuiltinLaunder(Sema &S, CallExpr *TheCall) {
   if (S.checkArgCount(TheCall, 1))
     return ExprError();
@@ -2674,6 +2758,12 @@ Sema::CheckBuiltinFunctionCall(FunctionDecl *FDecl, unsigned BuiltinID,
     return PointerAuthAuthAndResign(*this, TheCall);
   case Builtin::BI__builtin_ptrauth_string_discriminator:
     return PointerAuthStringDiscriminator(*this, TheCall);
+
+  case Builtin::BI__builtin_get_vtable_pointer:
+    return GetVTablePointer(*this, TheCall);
+  case Builtin::BI__builtin_virtual_member_address:
+    return VirtualMemberAddress(*this, TheCall);
+
   // OpenCL v2.0, s6.13.16 - Pipe functions
   case Builtin::BIread_pipe:
   case Builtin::BIwrite_pipe: