This is an archive of the discontinued LLVM Phabricator instance.

Differential D8811

[libc++abi] Disallow conversions from function pointers to void*.
ClosedPublic

Authored by EricWF on Apr 2 2015, 4:56 PM.

Details

Reviewers
mclow.lists
jroelofs
majnemer
Summary

Function pointers and member function pointers cannot be converted to void*. libc++abi incorrectly allows this conversion for function pointers.

I also flushed out some of the pointer to member function conversion tests.

Diff Detail

Event Timeline

EricWF updated this revision to Diff 23186.Apr 2 2015, 4:56 PM
EricWF retitled this revision from to [libc++abi] Disallow conversions from function pointers to void*..
EricWF updated this object.
EricWF edited the test plan for this revision. (Show Details)
EricWF added reviewers: mclow.lists, jroelofs.
EricWF added a subscriber: Unknown Object (MLST).
jroelofs added inline comments.Apr 3 2015, 3:46 PM
src/private_typeinfo.cpp
390–396

Why would a function pointer have the same typeid as void?

Is it clang that's getting this wrong? Do your new tests pass with GCC as the compiler, but this change reverted?

jroelofs added inline comments.Apr 3 2015, 4:14 PM
src/private_typeinfo.cpp
390–396

Actually, I think clang gets this right, but I'm still confused by your patch because:

#include <cstdio>
void foo() {}
int main() {
  printf("foo   %p %s\n", (void*)&typeid(foo),   typeid(foo).name());
  printf("&foo  %p %s\n", (void*)&typeid(&foo),  typeid(&foo).name());
  printf("void  %p %s\n", (void*)&typeid(void),  typeid(void).name());
  printf("void* %p %s\n", (void*)&typeid(void*), typeid(void*).name());
}

gives:

foo   0x804d4e8 FvvE
&foo  0x804d4f0 PFvvE
void  0x804e440 v
void* 0x804e430 Pv

on codepad (http://codepad.org/beuXVTtd), with similar results for Apple clang.

rsmith added a subscriber: rsmith.Apr 3 2015, 5:00 PM

What confuses you about that output? The patch says that a pointer type whose pointee type is 'void' cannot catch a pointer-to-function; this appears to be a correct change to me.

jroelofs edited edge metadata.Apr 3 2015, 5:21 PM
In D8811#151714, @rsmith wrote:

What confuses you about that output? The patch says that a pointer type whose pointee type is 'void' cannot catch a pointer-to-function; this appears to be a correct change to me.

I expect that output.

I'm confused by the patch because I don't understand how a thrown pointer-to-function could result in is_equal(__pointee, &typeid(void), false)) being true... pointer-to-function's typeid is different than void's (the example output was meant to show that). What causes control to enter the 'then' side of that if in that case?

majnemer added a subscriber: majnemer.Apr 3 2015, 9:58 PM
majnemer added inline comments.
test/catch_member_function_pointer_01.pass.cpp
71–86 ↗(On Diff #23186)

The implication of this test is that an exception of type 'void (A::*)()' can be caught as a 'void (B::*)()'. That doesn't seem right as only the standard pointer conversions are permitted ([except.handle]p3b1 references [conv.ptr] directly).
Pointer to member conversions are separate and described in [conv.mem]p2.

EricWF updated this revision to Diff 24752.Apr 30 2015, 11:26 AM
EricWF edited edge metadata.

Urgent ping! I think this fix should go into 3.6.1 so I would like to land it.

I addressed @majnemer's comments in another patch. I removed the (incorrect) tests that were not related to this fix.

majnemer accepted this revision.Apr 30 2015, 11:50 AM
majnemer added a reviewer: majnemer.

LGTM

This revision is now accepted and ready to land.Apr 30 2015, 11:50 AM
EricWF closed this revision.Apr 30 2015, 6:53 PM

Committed as r236299.

Revision Contents

PathSize
src/
10 lines
test/
16 lines

Diff 24752

src/private_typeinfo.cpp

Context not available.
if (is_equal(__pointee, thrown_pointer_type->__pointee, false)) if (is_equal(__pointee, thrown_pointer_type->__pointee, false))
return true; return true;
// bullet 3A // bullet 3A
if (is_equal(__pointee, &typeid(void), false)) if (is_equal(__pointee, &typeid(void), false)) {
return true; // pointers to functions cannot be converted to void*.
// pointers to member functions are not handled here.
const __function_type_info* thrown_function =
dynamic_cast<const __function_type_info*>(thrown_pointer_type->__pointee);
return (thrown_function == nullptr);
}
jroelofsUnsubmitted
Not Done
ReplyInline Actions

Why would a function pointer have the same typeid as void?

Is it clang that's getting this wrong? Do your new tests pass with GCC as the compiler, but this change reverted?

jroelofs: Why would a function pointer have the same typeid as void? Is it clang that's getting this…
jroelofsUnsubmitted
Not Done
ReplyInline Actions

Actually, I think clang gets this right, but I'm still confused by your patch because:

#include <cstdio>
void foo() {}
int main() {
  printf("foo   %p %s\n", (void*)&typeid(foo),   typeid(foo).name());
  printf("&foo  %p %s\n", (void*)&typeid(&foo),  typeid(&foo).name());
  printf("void  %p %s\n", (void*)&typeid(void),  typeid(void).name());
  printf("void* %p %s\n", (void*)&typeid(void*), typeid(void*).name());
}

gives:

foo   0x804d4e8 FvvE
&foo  0x804d4f0 PFvvE
void  0x804e440 v
void* 0x804e430 Pv

on codepad (http://codepad.org/beuXVTtd), with similar results for Apple clang.

jroelofs: Actually, I think clang gets this right, but I'm still confused by your patch because: ```…
// Handle pointer to pointer // Handle pointer to pointer
const __pointer_type_info* nested_pointer_type = const __pointer_type_info* nested_pointer_type =
dynamic_cast<const __pointer_type_info*>(__pointee); dynamic_cast<const __pointer_type_info*>(__pointee);
Context not available.

test/catch_function_01.pass.cpp

Context not available.
#include <cassert> #include <cassert>
template <class Tp>
bool can_convert(Tp) { return true; }
template <class>
bool can_convert(...) { return false; }
void f() {} void f() {}
int main() int main()
{ {
typedef void Function(); typedef void Function();
assert(!can_convert<Function&>(&f));
assert(!can_convert<void*>(&f));
try try
{ {
throw f; // converts to void (*)() throw f; // converts to void (*)()
Context not available.
{ {
assert(false); assert(false);
} }
catch (void*) // can't catch as void*
{
assert(false);
}
catch(Function*)
{
}
catch (...) catch (...)
{ {
assert(false);
} }
} }
Context not available.