This is the mail archive of the gcc@gcc.gnu.org mailing list for the GCC project.
Re: Do we want to add -fsanitize=function?
- From: Martin Liška <mliska at suse dot cz>
- To: Jakub Jelinek <jakub at redhat dot com>
- Cc: GCC Development <gcc at gcc dot gnu dot org>, Marek Polacek <polacek at redhat dot com>
- Date: Tue, 14 Jan 2020 13:57:47 +0100
- Subject: Re: Do we want to add -fsanitize=function?
- References: <6dc88671-97d4-11d1-62ce-ebbcaa474c85@suse.cz> <20200114115402.GC10088@tucnak>
On 1/14/20 12:54 PM, Jakub Jelinek wrote:
> On Tue, Jan 14, 2020 at 12:36:11PM +0100, Martin Liška wrote:
> > The missing sanitizer reports about violations of function signatures
> > for indirect calls, like:
> >
> > $ cat sanitize-function.cpp
> > #include <inttypes.h>
> > void f() {}
> > void (*fnpointer) (int);
> > void save () {
> >   // f has type void(), but is stored as a void(int) pointer.
> >   fnpointer = reinterpret_cast<void (*)(int)>(reinterpret_cast<uintptr_t>(f));
> > }
> > int main(void) {
> >   save ();
> >   fnpointer (32);  // indirect call through the wrong signature
> > }
> >
> > _Z4savev: # @_Z4savev
> >   .cfi_startproc
> >   .long 846595819 # 0x327606eb
> >   .long .L__unnamed_2-_Z4savev
> > # %bb.0: # %entry
> > ...
>
> seems to be what they emit on x86_64. Now, wonder what they do on other
> targets

Other targets are not supported :P

> , and how does it play with all the other options that add stuff
> to the start of functions, e.g. -fcf-protection=full (where it needs to
> really start with endbr64 instruction)

Using the options one will get:

_Z4savev: # @_Z4savev
  .cfi_startproc
  .long 846595819 # 0x327606eb
  .long .L__unnamed_2-_Z4savev
# %bb.0:
  endbr64

So endbr64 is placed after the RTTI record.

> , or the various options for
> patchable function entries, -mfentry, profiling and the like.

These work similarly: they follow the RTTI record:

_Z4savev: # @_Z4savev
  .cfi_startproc
  .long 846595819 # 0x327606eb
  .long .L__unnamed_2-_Z4savev
# %bb.0:
  callq __fentry__

Martin

> 	Jakub
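The check that the quoted test case triggers, as an added example that is neither code from this thread nor clang's or GCC's implementation: clang places a magic word (the 0x327606eb seen in the assembly above) and an RTTI reference in front of the function's code, and the indirect call site compares the callee's stored type against the type of the call expression. Portable C cannot put data in front of a function body, so this model keeps the same two fields in a side table keyed by function address; the table, the string-valued stand-in for RTTI, and the `check_indirect_call` helper are assumptions of the model, not clang's layout.

```c
/* Added example: a portable model of the -fsanitize=function call-site check.
 * The side table stands in for the record clang emits before each function. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Magic value quoted from the clang assembly in the thread. */
#define FUNC_SANITIZER_MAGIC 0x327606ebu

typedef void (*generic_fn)(void);   /* any function address, type erased */

/* The two words clang stores in front of a function: a magic word and a
 * reference to the function type's RTTI. Here RTTI is modelled as a string. */
typedef struct {
    uint32_t magic;
    const char *type_name;          /* e.g. "void ()" or "void (int)" */
} func_record;

typedef struct {
    generic_fn addr;
    func_record rec;
} func_table_entry;

#define FUNC_TABLE_MAX 16
static func_table_entry func_table[FUNC_TABLE_MAX];
static size_t func_table_len;

/* Find the record "in front of" a callee; NULL means the function was not
 * instrumented, which the real check also has to tolerate. */
static const func_record *lookup_record(generic_fn addr) {
    for (size_t i = 0; i < func_table_len; i++)
        if (func_table[i].addr == addr)
            return &func_table[i].rec;
    return NULL;
}

/* Model of the compiler emitting the record for an instrumented function. */
static void register_function(generic_fn addr, const char *type_name) {
    if (lookup_record(addr) != NULL || func_table_len >= FUNC_TABLE_MAX)
        return;
    func_table[func_table_len].addr = addr;
    func_table[func_table_len].rec.magic = FUNC_SANITIZER_MAGIC;
    func_table[func_table_len].rec.type_name = type_name;
    func_table_len++;
}

typedef enum { CALL_OK, CALL_SKIPPED_UNINSTRUMENTED, CALL_TYPE_MISMATCH } check_result;

/* The check a call site performs before `fnpointer(32)`: expected_type is the
 * static type of the call expression, the actual type comes from the callee. */
static check_result check_indirect_call(generic_fn target, const char *expected_type) {
    const func_record *rec = lookup_record(target);
    if (rec == NULL || rec->magic != FUNC_SANITIZER_MAGIC)
        return CALL_SKIPPED_UNINSTRUMENTED;
    if (strcmp(rec->type_name, expected_type) != 0)
        return CALL_TYPE_MISMATCH;
    return CALL_OK;
}

static void f(void) {}
static void g(int x) { (void)x; }
static void h(void) {}              /* never registered: uninstrumented */

/* The thread's test case: f has type void() but is called as void(int). */
static check_result thread_test_case(void) {
    register_function((generic_fn)f, "void ()");
    void (*fnpointer)(int) = (void (*)(int))(uintptr_t)f;   /* the save() step */
    return check_indirect_call((generic_fn)fnpointer, "void (int)");
}

/* A well-typed indirect call passes the check. */
static check_result matching_case(void) {
    register_function((generic_fn)g, "void (int)");
    void (*fnpointer)(int) = g;
    return check_indirect_call((generic_fn)fnpointer, "void (int)");
}

/* A call into code without a record cannot be checked and is let through. */
static check_result uninstrumented_case(void) {
    return check_indirect_call((generic_fn)h, "void ()");
}

int main(void) {
    printf("f called as void(int): %s\n",
           thread_test_case() == CALL_TYPE_MISMATCH ? "type mismatch reported" : "passed");
    printf("g called as void(int): %s\n",
           matching_case() == CALL_OK ? "ok" : "mismatch");
    return 0;
}
```

The uninstrumented case is the reason the magic word exists: without it the call site could not tell a record from the first instructions of a function compiled elsewhere, so the check can only be as complete as the set of translation units built with the sanitizer.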