fixup! address reviewer comments

Created using spr 1.3.8-beta.1

Author: melver

clang/docs/AllocToken.rst

@@ -31,23 +31,23 @@ Token Assignment Mode
 
 The default mode to calculate tokens is:
 
-* *TypeHashPointerSplit* (mode=3): This mode assigns a token ID based on
-  the hash of the allocated type's name, where the top half ID-space is
-  reserved for types that contain pointers and the bottom half for types that
-  do not contain pointers.
+* ``typehashpointersplit``: This mode assigns a token ID based on the hash of
+  the allocated type's name, where the top half ID-space is reserved for types
+  that contain pointers and the bottom half for types that do not contain
+  pointers.
 
 Other token ID assignment modes are supported, but they may be subject to
 change or removal. These may (experimentally) be selected with ``-mllvm
 -alloc-token-mode=<mode>``:
 
-* *TypeHash* (mode=2): This mode assigns a token ID based on the hash of
-  the allocated type's name.
+* ``typehash``: This mode assigns a token ID based on the hash of the allocated
+  type's name.
 
-* *Random* (mode=1): This mode assigns a statically-determined random token ID
-  to each allocation site.
+* ``random``: This mode assigns a statically-determined random token ID to each
+  allocation site.
 
-* *Increment* (mode=0): This mode assigns a simple, incrementally increasing
-  token ID to each allocation site.
+* ``increment``: This mode assigns a simple, incrementally increasing token ID
+  to each allocation site.
 
 Allocation Token Instrumentation
 ================================
@@ -74,7 +74,7 @@ In addition, it is typically recommended to configure the following:
 
 * ``-falloc-token-max=<N>``
     Configures the maximum number of tokens. No max by default (tokens bounded
-    by ``UINT64_MAX``).
+    by ``SIZE_MAX``).
 
     .. code-block:: console
 
@@ -85,21 +85,21 @@ Runtime Interface
 
 A compatible runtime must be provided that implements the token-enabled
 allocation functions. The instrumentation generates calls to functions that
-take a final ``uint64_t token_id`` argument.
+take a final ``size_t token_id`` argument.
 
 .. code-block:: c
 
     // C standard library functions
-    void *__alloc_token_malloc(size_t size, uint64_t token_id);
-    void *__alloc_token_calloc(size_t count, size_t size, uint64_t token_id);
-    void *__alloc_token_realloc(void *ptr, size_t size, uint64_t token_id);
+    void *__alloc_token_malloc(size_t size, size_t token_id);
+    void *__alloc_token_calloc(size_t count, size_t size, size_t token_id);
+    void *__alloc_token_realloc(void *ptr, size_t size, size_t token_id);
     // ...
 
     // C++ operators (mangled names)
-    // operator new(size_t, uint64_t)
-    void *__alloc_token_Znwm(size_t size, uint64_t token_id);
-    // operator new[](size_t, uint64_t)
-    void *__alloc_token_Znam(size_t size, uint64_t token_id);
+    // operator new(size_t, size_t)
+    void *__alloc_token_Znwm(size_t size, size_t token_id);
+    // operator new[](size_t, size_t)
+    void *__alloc_token_Znam(size_t size, size_t token_id);
     // ... other variants like nothrow, etc., are also instrumented.
 
 Fast ABI

clang/include/clang/Driver/SanitizerArgs.h

@@ -74,6 +74,7 @@ class SanitizerArgs {
   bool HwasanUseAliases = false;
   llvm::AsanDetectStackUseAfterReturnMode AsanUseAfterReturn =
       llvm::AsanDetectStackUseAfterReturnMode::Invalid;
+
   std::string MemtagMode;
   bool AllocTokenFastABI = false;
   bool AllocTokenExtended = false;

clang/lib/CodeGen/CGExpr.cpp

@@ -1272,8 +1272,58 @@ void CodeGenFunction::EmitBoundsCheckImpl(const Expr *E, llvm::Value *Bound,
   EmitCheck(std::make_pair(Check, CheckKind), CheckHandler, StaticData, Index);
 }
 
-void CodeGenFunction::EmitAllocTokenHint(llvm::CallBase *CB,
-                                         QualType AllocType) {
+static bool
+typeContainsPointer(QualType T,
+                    llvm::SmallPtrSet<const RecordDecl *, 4> &VisitedRD,
+                    bool &IncompleteType) {
+  QualType CanonicalType = T.getCanonicalType();
+  if (CanonicalType->isPointerType())
+    return true; // base case
+
+  // Look through typedef chain to check for special types.
+  for (QualType CurrentT = T; const auto *TT = CurrentT->getAs<TypedefType>();
+       CurrentT = TT->getDecl()->getUnderlyingType()) {
+    const IdentifierInfo *II = TT->getDecl()->getIdentifier();
+    if (!II)
+      continue;
+    // Special Case: Syntactically uintptr_t is not a pointer; semantically,
+    // however, very likely used as such. Therefore, classify uintptr_t as a
+    // pointer, too.
+    if (II->isStr("uintptr_t"))
+      return true;
+  }
+
+  // The type is an array; check the element type.
+  if (const ArrayType *AT = CanonicalType->getAsArrayTypeUnsafe())
+    return typeContainsPointer(AT->getElementType(), VisitedRD, IncompleteType);
+  // The type is a struct, class, or union.
+  if (const RecordDecl *RD = CanonicalType->getAsRecordDecl()) {
+    if (!RD->isCompleteDefinition()) {
+      IncompleteType = true;
+      return false;
+    }
+    if (!VisitedRD.insert(RD).second)
+      return false; // already visited
+    // Check all fields.
+    for (const FieldDecl *Field : RD->fields()) {
+      if (typeContainsPointer(Field->getType(), VisitedRD, IncompleteType))
+        return true;
+    }
+    // For C++ classes, also check base classes.
+    if (const CXXRecordDecl *CXXRD = dyn_cast<CXXRecordDecl>(RD)) {
+      // Polymorphic types require a vptr.
+      if (CXXRD->isPolymorphic())
+        return true;
+      for (const CXXBaseSpecifier &Base : CXXRD->bases()) {
+        if (typeContainsPointer(Base.getType(), VisitedRD, IncompleteType))
+          return true;
+      }
+    }
+  }
+  return false;
+}
+
+void CodeGenFunction::EmitAllocToken(llvm::CallBase *CB, QualType AllocType) {
   assert(SanOpts.has(SanitizerKind::AllocToken) &&
          "Only needed with -fsanitize=alloc-token");
 
@@ -1290,54 +1340,8 @@ void CodeGenFunction::EmitAllocTokenHint(llvm::CallBase *CB,
   // recursively check if a type contains a pointer type.
   llvm::SmallPtrSet<const RecordDecl *, 4> VisitedRD;
   bool IncompleteType = false;
-  auto TypeContainsPtr = [&](auto &&self, QualType T) -> bool {
-    QualType CanonicalType = T.getCanonicalType();
-    if (CanonicalType->isPointerType())
-      return true; // base case
-
-    // Look through typedef chain to check for special types.
-    for (QualType CurrentT = T; const auto *TT = CurrentT->getAs<TypedefType>();
-         CurrentT = TT->getDecl()->getUnderlyingType()) {
-      const IdentifierInfo *II = TT->getDecl()->getIdentifier();
-      if (!II)
-        continue;
-      // Special Case: Syntactically uintptr_t is not a pointer; semantically,
-      // however, very likely used as such. Therefore, classify uintptr_t as a
-      // pointer, too.
-      if (II->isStr("uintptr_t"))
-        return true;
-    }
-
-    // The type is an array; check the element type.
-    if (const ArrayType *AT = CanonicalType->getAsArrayTypeUnsafe())
-      return self(self, AT->getElementType());
-    // The type is a struct, class, or union.
-    if (const RecordDecl *RD = CanonicalType->getAsRecordDecl()) {
-      if (!RD->isCompleteDefinition()) {
-        IncompleteType = true;
-        return false;
-      }
-      if (!VisitedRD.insert(RD).second)
-        return false; // already visited
-      // Check all fields.
-      for (const FieldDecl *Field : RD->fields()) {
-        if (self(self, Field->getType()))
-          return true;
-      }
-      // For C++ classes, also check base classes.
-      if (const CXXRecordDecl *CXXRD = dyn_cast<CXXRecordDecl>(RD)) {
-        // Polymorphic types require a vptr.
-        if (CXXRD->isPolymorphic())
-          return true;
-        for (const CXXBaseSpecifier &Base : CXXRD->bases()) {
-          if (self(self, Base.getType()))
-            return true;
-        }
-      }
-    }
-    return false;
-  };
-  const bool ContainsPtr = TypeContainsPtr(TypeContainsPtr, AllocType);
+  const bool ContainsPtr =
+      typeContainsPointer(AllocType, VisitedRD, IncompleteType);
   if (!ContainsPtr && IncompleteType)
     return;
   auto *ContainsPtrC = Builder.getInt1(ContainsPtr);
@@ -1346,7 +1350,7 @@ void CodeGenFunction::EmitAllocTokenHint(llvm::CallBase *CB,
   // Format: !{<type-name>, <contains-pointer>}
   auto *MDN =
       llvm::MDNode::get(CGM.getLLVMContext(), {TypeNameMD, ContainsPtrMD});
-  CB->setMetadata(llvm::LLVMContext::MD_alloc_token_hint, MDN);
+  CB->setMetadata(llvm::LLVMContext::MD_alloc_token, MDN);
 }
 
 CodeGenFunction::ComplexPairTy CodeGenFunction::

clang/lib/CodeGen/CGExprCXX.cpp

@@ -1713,8 +1713,8 @@ llvm::Value *CodeGenFunction::EmitCXXNewExpr(const CXXNewExpr *E) {
         CGDI->addHeapAllocSiteMetadata(newCall, allocType, E->getExprLoc());
       }
       if (SanOpts.has(SanitizerKind::AllocToken)) {
-        // Set !alloc_token_hint metadata.
-        EmitAllocTokenHint(newCall, allocType);
+        // Set !alloc_token metadata.
+        EmitAllocToken(newCall, allocType);
       }
     }
 

clang/lib/CodeGen/CodeGenFunction.h

@@ -3349,7 +3349,7 @@ class CodeGenFunction : public CodeGenTypeCache {
                              SanitizerHandler Handler);
 
   /// Emit additional metadata used by the AllocToken instrumentation.
-  void EmitAllocTokenHint(llvm::CallBase *CB, QualType AllocType);
+  void EmitAllocToken(llvm::CallBase *CB, QualType AllocType);
 
   llvm::Value *GetCountedByFieldExprGEP(const Expr *Base, const FieldDecl *FD,
                                         const FieldDecl *CountDecl);

clang/lib/Frontend/CompilerInvocation.cpp

@@ -2374,11 +2374,10 @@ bool CompilerInvocation::ParseCodeGenArgs(CodeGenOptions &Opts, ArgList &Args,
   if (const auto *Arg = Args.getLastArg(options::OPT_falloc_token_max_EQ)) {
     StringRef S = Arg->getValue();
     uint64_t Value = 0;
-    if (S.getAsInteger(0, Value)) {
+    if (S.getAsInteger(0, Value))
       Diags.Report(diag::err_drv_invalid_value) << Arg->getAsString(Args) << S;
-    } else {
+    else
       Opts.AllocTokenMax = Value;
-    }
   }
 
   Opts.EmitVersionIdentMetadata = Args.hasFlag(OPT_Qy, OPT_Qn, true);

clang/test/CodeGenCXX/alloc-token-pointer.cpp

@@ -31,25 +31,25 @@ int **test_malloc_ptr() {
 
 // CHECK-LABEL: @_Z12test_new_intv(
 int *test_new_int() {
-  // CHECK: call {{.*}} ptr @__alloc_token_Znwm(i64 noundef 4, i64 0){{.*}} !alloc_token_hint
+  // CHECK: call {{.*}} ptr @__alloc_token_Znwm(i64 noundef 4, i64 0){{.*}} !alloc_token
   return new int;
 }
 
 // CHECK-LABEL: @_Z20test_new_ulong_arrayv(
 unsigned long *test_new_ulong_array() {
-  // CHECK: call {{.*}} ptr @__alloc_token_Znam(i64 noundef 80, i64 0){{.*}} !alloc_token_hint
+  // CHECK: call {{.*}} ptr @__alloc_token_Znam(i64 noundef 80, i64 0){{.*}} !alloc_token
   return new unsigned long[10];
 }
 
 // CHECK-LABEL: @_Z12test_new_ptrv(
 int **test_new_ptr() {
-  // CHECK: call {{.*}} ptr @__alloc_token_Znwm(i64 noundef 8, i64 1){{.*}} !alloc_token_hint
+  // CHECK: call {{.*}} ptr @__alloc_token_Znwm(i64 noundef 8, i64 1){{.*}} !alloc_token
   return new int*;
 }
 
 // CHECK-LABEL: @_Z18test_new_ptr_arrayv(
 int **test_new_ptr_array() {
-  // CHECK: call {{.*}} ptr @__alloc_token_Znam(i64 noundef 80, i64 1){{.*}} !alloc_token_hint
+  // CHECK: call {{.*}} ptr @__alloc_token_Znam(i64 noundef 80, i64 1){{.*}} !alloc_token
   return new int*[10];
 }
 
@@ -108,13 +108,13 @@ ContainsPtr *test_operatornew_struct_array_with_ptr2() {
 
 // CHECK-LABEL: @_Z24test_new_struct_with_ptrv(
 ContainsPtr *test_new_struct_with_ptr() {
-  // CHECK: call {{.*}} ptr @__alloc_token_Znwm(i64 noundef 16, i64 1){{.*}} !alloc_token_hint
+  // CHECK: call {{.*}} ptr @__alloc_token_Znwm(i64 noundef 16, i64 1){{.*}} !alloc_token
   return new ContainsPtr;
 }
 
 // CHECK-LABEL: @_Z30test_new_struct_array_with_ptrv(
 ContainsPtr *test_new_struct_array_with_ptr() {
-  // CHECK: call {{.*}} ptr @__alloc_token_Znam(i64 noundef 160, i64 1){{.*}} !alloc_token_hint
+  // CHECK: call {{.*}} ptr @__alloc_token_Znam(i64 noundef 160, i64 1){{.*}} !alloc_token
   return new ContainsPtr[10];
 }
 
@@ -127,13 +127,13 @@ class TestClass {
 
 // CHECK-LABEL: @_Z14test_new_classv(
 TestClass *test_new_class() {
-  // CHECK: call {{.*}} ptr @__alloc_token_Znwm(i64 noundef 64, i64 0){{.*}} !alloc_token_hint
+  // CHECK: call {{.*}} ptr @__alloc_token_Znwm(i64 noundef 64, i64 0){{.*}} !alloc_token
   return new TestClass();
 }
 
 // CHECK-LABEL: @_Z20test_new_class_arrayv(
 TestClass *test_new_class_array() {
-  // CHECK: call {{.*}} ptr @__alloc_token_Znam(i64 noundef 648, i64 0){{.*}} !alloc_token_hint
+  // CHECK: call {{.*}} ptr @__alloc_token_Znam(i64 noundef 648, i64 0){{.*}} !alloc_token
   return new TestClass[10];
 }
 
@@ -147,13 +147,13 @@ class VirtualTestClass {
 
 // CHECK-LABEL: @_Z22test_new_virtual_classv(
 VirtualTestClass *test_new_virtual_class() {
-  // CHECK: call {{.*}} ptr @__alloc_token_Znwm(i64 noundef 72, i64 1){{.*}} !alloc_token_hint
+  // CHECK: call {{.*}} ptr @__alloc_token_Znwm(i64 noundef 72, i64 1){{.*}} !alloc_token
   return new VirtualTestClass();
 }
 
 // CHECK-LABEL: @_Z28test_new_virtual_class_arrayv(
 VirtualTestClass *test_new_virtual_class_array() {
-  // CHECK: call {{.*}} ptr @__alloc_token_Znam(i64 noundef 728, i64 1){{.*}} !alloc_token_hint
+  // CHECK: call {{.*}} ptr @__alloc_token_Znam(i64 noundef 728, i64 1){{.*}} !alloc_token
   return new VirtualTestClass[10];
 }
 

clang/test/CodeGenCXX/alloc-token.cpp

@@ -69,25 +69,25 @@ void test_operator_new_nothrow() {
 
 // CHECK-LABEL: @_Z8test_newv(
 int *test_new() {
-  // CHECK: call {{.*}} ptr @__alloc_token_Znwm(i64 noundef 4, i64 {{[1-9][0-9]*}}){{.*}} !alloc_token_hint
+  // CHECK: call {{.*}} ptr @__alloc_token_Znwm(i64 noundef 4, i64 {{[1-9][0-9]*}}){{.*}} !alloc_token
   return new int;
 }
 
 // CHECK-LABEL: @_Z14test_new_arrayv(
 int *test_new_array() {
-  // CHECK: call {{.*}} ptr @__alloc_token_Znam(i64 noundef 40, i64 {{[1-9][0-9]*}}){{.*}} !alloc_token_hint
+  // CHECK: call {{.*}} ptr @__alloc_token_Znam(i64 noundef 40, i64 {{[1-9][0-9]*}}){{.*}} !alloc_token
   return new int[10];
 }
 
 // CHECK-LABEL: @_Z16test_new_nothrowv(
 int *test_new_nothrow() {
-  // CHECK: call {{.*}} ptr @__alloc_token_ZnwmRKSt9nothrow_t(i64 noundef 4, ptr {{.*}} @_ZSt7nothrow, i64 {{[1-9][0-9]*}}){{.*}} !alloc_token_hint
+  // CHECK: call {{.*}} ptr @__alloc_token_ZnwmRKSt9nothrow_t(i64 noundef 4, ptr {{.*}} @_ZSt7nothrow, i64 {{[1-9][0-9]*}}){{.*}} !alloc_token
   return new (std::nothrow) int;
 }
 
 // CHECK-LABEL: @_Z22test_new_array_nothrowv(
 int *test_new_array_nothrow() {
-  // CHECK: call {{.*}} ptr @__alloc_token_ZnamRKSt9nothrow_t(i64 noundef 40, ptr {{.*}} @_ZSt7nothrow, i64 {{[1-9][0-9]*}}){{.*}} !alloc_token_hint
+  // CHECK: call {{.*}} ptr @__alloc_token_ZnamRKSt9nothrow_t(i64 noundef 40, ptr {{.*}} @_ZSt7nothrow, i64 {{[1-9][0-9]*}}){{.*}} !alloc_token
   return new (std::nothrow) int[10];
 }
 
@@ -123,7 +123,7 @@ void may_throw();
 TestClass *test_exception_handling_new() {
   try {
     // CHECK: invoke {{.*}} ptr @__alloc_token_Znwm(i64 noundef 72, i64 {{[1-9][0-9]*}})
-    // CHECK-NEXT: !alloc_token_hint
+    // CHECK-NEXT: !alloc_token
     TestClass *obj = new TestClass();
     may_throw();
     return obj;
@@ -134,15 +134,15 @@ TestClass *test_exception_handling_new() {
 
 // CHECK-LABEL: @_Z14test_new_classv(
 TestClass *test_new_class() {
-  // CHECK: call {{.*}} ptr @__alloc_token_Znwm(i64 noundef 72, i64 {{[1-9][0-9]*}}){{.*}} !alloc_token_hint
+  // CHECK: call {{.*}} ptr @__alloc_token_Znwm(i64 noundef 72, i64 {{[1-9][0-9]*}}){{.*}} !alloc_token
   TestClass *obj = new TestClass();
   obj->data[0] = 42;
   return obj;
 }
 
 // CHECK-LABEL: @_Z20test_new_class_arrayv(
 TestClass *test_new_class_array() {
-  // CHECK: call {{.*}} ptr @__alloc_token_Znam(i64 noundef 728, i64 {{[1-9][0-9]*}}){{.*}} !alloc_token_hint
+  // CHECK: call {{.*}} ptr @__alloc_token_Znam(i64 noundef 728, i64 {{[1-9][0-9]*}}){{.*}} !alloc_token
   TestClass* arr = new TestClass[10];
   arr[0].data[0] = 123;
   return arr;

llvm/docs/LangRef.rst

@@ -2428,7 +2428,7 @@ For example:
     attributed with ``sanitize_realtime``.
     This attribute is incompatible with the ``sanitize_realtime`` attribute.
 ``sanitize_alloc_token``
-    This attributes indicates that implicit allocation token instrumentation
+    This attribute indicates that implicit allocation token instrumentation
     is enabled for this function.
 ``speculative_load_hardening``
     This attribute indicates that
@@ -8392,6 +8392,13 @@ Example:
 The ``nofree`` metadata indicates the memory pointed by the pointer will not be
 freed after the attached instruction.
 
+'``alloc_token``' Metadata
+^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+The ``alloc_token`` metadata may be attached to calls to memory allocation
+functions, and contains richer semantic information about the type of the
+allocation. This information is consumed by the ``alloc-token`` pass to
+instrument such calls with allocation token IDs.
 
 Module Flags Metadata
 =====================