Package optimization allows bypassing resilience, but that assumes the memory layout of the

decl being accessed is correct. When this assumption fails due to a deserialization error of its members, the use site accesses the layout with a wrong field offset, resulting in UB or a crash. The deserialization error is currently not caught at compile time due to LangOpts.EnableDeserializationRecovery being enabled by default to allow for recovery of some of the deserialization errors at a later time. In case of member deserialization, however, it's not necessarily recovered later on. This PR tracks whether member deserialization had an error by recursively loading members and checking for deserialization error, and fails and emits a diagnostic. It provides a way to prevent resilience bypassing when the deserialized decl's layout is incorrect. Resolves rdar://132411524
2025-12-14 20:36:38 +01:00 · 2024-12-16 16:30:36 -08:00
parent 26b2f7bb47
commit c03abed00d
12 changed files with 431 additions and 18 deletions
--- a/lib/Frontend/CompilerInvocation.cpp
+++ b/lib/Frontend/CompilerInvocation.cpp
@@ -1354,6 +1354,7 @@ static bool ParseLangArgs(LangOptions &Opts, ArgList &Args,
    }
  }

+  Opts.SkipDeserializationChecksForPackageCMO = Args.hasArg(OPT_ExperimentalSkipDeserializationChecksForPackageCMO);
  Opts.AllowNonResilientAccess =
      Args.hasArg(OPT_experimental_allow_non_resilient_access) ||
      Args.hasArg(OPT_allow_non_resilient_access) ||