Implement bad cast checks using control flow integrity information.

This scheme checks that pointer and lvalue casts are made to an object of the correct dynamic type; that is, the dynamic type of the object must be a derived class of the pointee type of the cast. The checks are currently only introduced where the class being casted to is a polymorphic class. Differential Revision: http://reviews.llvm.org/D8312 git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@232241 91177308-0d34-0410-b5e6-96231b3b80d8
author: Peter Collingbourne <peter@pcc.me.uk> 2015-03-14 02:42:25 +0000
committer: Peter Collingbourne <peter@pcc.me.uk> 2015-03-14 02:42:25 +0000
commit: 44802df9eca83fcbe3f23d3ef7126f76a3f3fbbe (patch)
tree: 84d520f2e95c05a673e200fcf6fef4b5a93542be /include/clang/Basic/Sanitizers.def
parent: 09687f9b242fced966ddd68a9601b160d0a96a98 (diff)
1 files changed, 4 insertions, 1 deletions
diff --git a/include/clang/Basic/Sanitizers.def b/include/clang/Basic/Sanitizers.def
index cded80a9cf..fa58a34a03 100644
--- a/include/clang/Basic/Sanitizers.def
+++ b/include/clang/Basic/Sanitizers.def
@@ -79,8 +79,11 @@ SANITIZER("unsigned-integer-overflow", UnsignedIntegerOverflow)
 SANITIZER("dataflow", DataFlow)
 
 // Control Flow Integrity
+SANITIZER("cfi-cast-strict", CFICastStrict)
+SANITIZER("cfi-derived-cast", CFIDerivedCast)
+SANITIZER("cfi-unrelated-cast", CFIUnrelatedCast)
 SANITIZER("cfi-vptr", CFIVptr)
-SANITIZER_GROUP("cfi", CFI, CFIVptr)
+SANITIZER_GROUP("cfi", CFI, CFIDerivedCast | CFIUnrelatedCast | CFIVptr)
 
 // -fsanitize=undefined-trap includes sanitizers from -fsanitize=undefined
 // that can be used without runtime support, generally by providing extra
author	Peter Collingbourne <peter@pcc.me.uk>	2015-03-14 02:42:25 +0000
committer	Peter Collingbourne <peter@pcc.me.uk>	2015-03-14 02:42:25 +0000
commit	44802df9eca83fcbe3f23d3ef7126f76a3f3fbbe (patch)
tree	84d520f2e95c05a673e200fcf6fef4b5a93542be /include/clang/Basic/Sanitizers.def
parent	09687f9b242fced966ddd68a9601b160d0a96a98 (diff)