diff options
| author | Leonard Grey <lgrey@chromium.org> | 2023-06-21 17:23:04 -0400 |
|---|---|---|
| committer | Leonard Grey <lgrey@chromium.org> | 2023-07-17 15:18:53 -0400 |
| commit | ac604cc310b70c45a07fc9edeaced4b402739af1 (patch) | |
| tree | db0200ea2b6a2eb48d58a0b0b398c48eca32b84b /compiler-rt | |
| parent | 0f6cf555674959d0b21769fc1c46e23584561f2a (diff) | |
| download | llvm-ac604cc310b70c45a07fc9edeaced4b402739af1.zip llvm-ac604cc310b70c45a07fc9edeaced4b402739af1.tar.gz llvm-ac604cc310b70c45a07fc9edeaced4b402739af1.tar.bz2 | |
[lsan][Darwin] Unconditionally strip high bits from potential pointers
The method cache stashes a mask in the high bits under some circumstances:
https://github.com/apple-oss-distributions/objc4/blob/689525d556eb3dee1ffb700423bccf5ecc501dbf/runtime/objc-cache.mm#L589
I'm hitting this now on macOS 13.4 arm64, so we can no longer rely on OBJC_FAST_IS_RW to identify potential pointers that need to be transformed
Differential Revision: https://reviews.llvm.org/D153471
Diffstat (limited to 'compiler-rt')
| -rw-r--r-- | compiler-rt/lib/lsan/lsan_common.cpp | 14 |
1 files changed, 5 insertions, 9 deletions
diff --git a/compiler-rt/lib/lsan/lsan_common.cpp b/compiler-rt/lib/lsan/lsan_common.cpp index 9249642..9101c70 100644 --- a/compiler-rt/lib/lsan/lsan_common.cpp +++ b/compiler-rt/lib/lsan/lsan_common.cpp @@ -34,8 +34,6 @@ # else # define OBJC_DATA_MASK 0x00007ffffffffff8UL # endif -// https://github.com/apple-oss-distributions/objc4/blob/8701d5672d3fd3cd817aeb84db1077aafe1a1604/runtime/objc-runtime-new.h#L139 -# define OBJC_FAST_IS_RW 0x8000000000000000UL # endif namespace __lsan { @@ -173,13 +171,11 @@ static uptr GetCallerPC(const StackTrace &stack) { } # if SANITIZER_APPLE -// Objective-C class data pointers are stored with flags in the low bits, so -// they need to be transformed back into something that looks like a pointer. -static inline void *MaybeTransformPointer(void *p) { +// Several pointers in the Objective-C runtime (method cache and class_rw_t, +// for example) are tagged with additional bits we need to strip. +static inline void *TransformPointer(void *p) { uptr ptr = reinterpret_cast<uptr>(p); - if ((ptr & OBJC_FAST_IS_RW) == OBJC_FAST_IS_RW) - ptr &= OBJC_DATA_MASK; - return reinterpret_cast<void *>(ptr); + return reinterpret_cast<void *>(ptr & OBJC_DATA_MASK); } # endif @@ -301,7 +297,7 @@ void ScanRangeForPointers(uptr begin, uptr end, Frontier *frontier, for (; pp + sizeof(void *) <= end; pp += alignment) { void *p = *reinterpret_cast<void **>(pp); # if SANITIZER_APPLE - p = MaybeTransformPointer(p); + p = TransformPointer(p); # endif if (!MaybeUserPointer(reinterpret_cast<uptr>(p))) continue; |