This is an archive of the discontinued LLVM Phabricator instance.

Paths

Table of Contentst

-
clang/
-
include/clang/AST/
-
clang/
-
AST/
1/1
Expr.h
-
lib/
-
AST/
-
Expr.cpp
-
Sema/
-
SemaExpr.cpp
-
test/SemaCXX/
-
SemaCXX/
-
recovery-expr-type.cpp

Differential D104052

[clang] Fix CallExpr dependence bit may not respecting all its arguments.
ClosedPublic

Authored by hokein on Jun 10 2021, 12:01 PM.

Download Raw Diff

Details

Reviewers

sammccall

Summary

Before this patch, the dependence of CallExpr was only computed in the
constructor, the dependence bits might not reflect truth -- some arguments might
be not set (nullptr) during this time, e.g. CXXDefaultArgExpr will be set via
the setArg method in the later parsing stage, so we need to recompute the
dependence bits.

Diff Detail

Repository: rG LLVM Github Monorepo

Unit TestsFailed

	Time	Test
	1,720 ms	x64 debian > libFuzzer.libFuzzer::dataflow.test
	127,870 ms	x64 debian > libFuzzer.libFuzzer::only-some-bytes-fork.test
	7,740 ms	x64 debian > libFuzzer.libFuzzer::only-some-bytes.test

Event Timeline

hokein requested review of this revision.Jun 10 2021, 12:01 PM

hokein created this revision.

Herald added a project: Restricted Project. · View Herald TranscriptJun 10 2021, 12:01 PM

Harbormaster completed remote builds in B108663: Diff 351230.Jun 10 2021, 12:53 PM

This seems correct but it also seems like it makes setting all the args of a CallExpr into a quadratic operation.
e.g. ConvertArgumentForCall and BuildResolvedCallExpr in SemaExpr seem to do this (not just missing/changed args) and are probably on common code paths.
It's hard to see how to fix this without touching the API or being fiddly with the dependence bits (e.g. setArg only needs to rescan all args if we're removing at least one dep bit vs the old value, which should be rare).

Also this function just calls through to the (mutable) getArgs() which returns a mutable Expr**. This allows mutating args, bypassing setArg(), and ISTM there are cases where this really happens e.g. in TreeTransform::TransformCallExpr.
Again, it seems like changing the API might be the answer here: we can separate out the getArgs() which only need read access from those that are doing something tricky.

A tempting API would be something like getMutableArgs() -> some smart object that exposes the mutable arg array and also recalculates dependence when destroyed.
I guess the way to make this ergonomic is to actually inherit from MutableArrayRef, like:

class CallExpr::MutableArgs : public MutableArrayRef<Expr> {
  CallExpr *Parent;
public:
  // Note that "slicing" copy to MutableArrayRef is still allowed.
  MutableArgs(const MutableArgs&) = delete;
  MutableArgs &operator=(const MutableArgs&) = delete;
  MutableArgs(MutableArgs&&) = delete;
  MutableArgs &operator=(MutableArgs&&) = delete;

  ~MutableArgs() { Parent->recomputeDependence(); }
};

I'm not sure if you see this as overengineering.
I think I can also live with adding explicit recomputeDependence() calls in the right places, and slapping a warning on setArg() that it might be needed.
But i'm not sure that making setArg() implicitly recalculate is a happy in-between point. WDYT?

Ping - curious about your thoughts here!

refine the solution: introduce a separate method, and call it when needed.

sorry for the delay, I lost the track.

I think I can also live with adding explicit recomputeDependence() calls in the right places, and slapping a warning on setArg() that it might be needed.

I'm inclined with this option.

As you mentioned, there are two major places (ConvertArgumentForCall and BuildResolvedCallExpr in SemaExpr) calling setArg, and it is trivial to update them.
There are a lot of setArg usage in SemaChecking.cpp, but I think we're not interested to them -- because there are invalid checks before calling setArg and we mostly care about the error-bit.

Harbormaster completed remote builds in B111700: Diff 355469.Jun 30 2021, 3:52 AM

sammccall accepted this revision.Jun 30 2021, 8:22 AM

sammccall added inline comments.

clang/include/clang/AST/Expr.h
2991	by calling computeDependence()

This revision is now accepted and ready to land.Jun 30 2021, 8:22 AM

committed in 314e456dfe85f8b5c53b85a7d815f7d463fe02ef.

Revision Contents

Path

Size

clang/

include/

clang/

AST/

Expr.h

10 lines

lib/

AST/

Expr.cpp

2 lines

Sema/

SemaExpr.cpp

2 lines

test/

SemaCXX/

recovery-expr-type.cpp

5 lines

Diff 355469

clang/include/clang/AST/Expr.h

Show First 20 Lines • Show All 2,981 Lines • ▼ Show 20 Lines	Expr *getArg(unsigned Arg) {
return getArgs()[Arg];		return getArgs()[Arg];
}		}
const Expr *getArg(unsigned Arg) const {		const Expr *getArg(unsigned Arg) const {
assert(Arg < getNumArgs() && "Arg access out of range!");		assert(Arg < getNumArgs() && "Arg access out of range!");
return getArgs()[Arg];		return getArgs()[Arg];
}		}

/// setArg - Set the specified argument.		/// setArg - Set the specified argument.
		/// ! the dependence bits might be stale after calling this setter, it is
		/// caller's responsibility to recompute them.
		sammccallUnsubmitted Done Reply Inline Actions by calling computeDependence() sammccall: by calling computeDependence()
void setArg(unsigned Arg, Expr *ArgExpr) {		void setArg(unsigned Arg, Expr *ArgExpr) {
assert(Arg < getNumArgs() && "Arg access out of range!");		assert(Arg < getNumArgs() && "Arg access out of range!");
getArgs()[Arg] = ArgExpr;		getArgs()[Arg] = ArgExpr;
}		}

		/// Compute and set dependence bits.
		void computeDependence() {
		setDependence(clang::computeDependence(
		this, llvm::makeArrayRef(
		reinterpret_cast<Expr **>(getTrailingStmts() + PREARGS_START),
		getNumPreArgs())));
		}

/// Reduce the number of arguments in this call expression. This is used for		/// Reduce the number of arguments in this call expression. This is used for
/// example during error recovery to drop extra arguments. There is no way		/// example during error recovery to drop extra arguments. There is no way
/// to perform the opposite because: 1.) We don't track how much storage		/// to perform the opposite because: 1.) We don't track how much storage
/// we have for the argument array 2.) This would potentially require growing		/// we have for the argument array 2.) This would potentially require growing
/// the argument array, something we cannot support since the arguments are		/// the argument array, something we cannot support since the arguments are
/// stored in a trailing array.		/// stored in a trailing array.
void shrinkNumArgs(unsigned NewNumArgs) {		void shrinkNumArgs(unsigned NewNumArgs) {
assert((NewNumArgs <= getNumArgs()) &&		assert((NewNumArgs <= getNumArgs()) &&
▲ Show 20 Lines • Show All 3,439 Lines • Show Last 20 Lines

clang/lib/AST/Expr.cpp

Show First 20 Lines • Show All 1,392 Lines • ▼ Show 20 Lines	CallExpr::CallExpr(StmtClass SC, Expr Fn, ArrayRef<Expr > PreArgs,
setCallee(Fn);		setCallee(Fn);
for (unsigned I = 0; I != NumPreArgs; ++I)		for (unsigned I = 0; I != NumPreArgs; ++I)
setPreArg(I, PreArgs[I]);		setPreArg(I, PreArgs[I]);
for (unsigned I = 0; I != Args.size(); ++I)		for (unsigned I = 0; I != Args.size(); ++I)
setArg(I, Args[I]);		setArg(I, Args[I]);
for (unsigned I = Args.size(); I != NumArgs; ++I)		for (unsigned I = Args.size(); I != NumArgs; ++I)
setArg(I, nullptr);		setArg(I, nullptr);

setDependence(computeDependence(this, PreArgs));		this->computeDependence();

CallExprBits.HasFPFeatures = FPFeatures.requiresTrailingStorage();		CallExprBits.HasFPFeatures = FPFeatures.requiresTrailingStorage();
if (hasStoredFPFeatures())		if (hasStoredFPFeatures())
setStoredFPFeatures(FPFeatures);		setStoredFPFeatures(FPFeatures);
}		}

CallExpr::CallExpr(StmtClass SC, unsigned NumPreArgs, unsigned NumArgs,		CallExpr::CallExpr(StmtClass SC, unsigned NumPreArgs, unsigned NumArgs,
bool HasFPFeatures, EmptyShell Empty)		bool HasFPFeatures, EmptyShell Empty)
▲ Show 20 Lines • Show All 3,580 Lines • Show Last 20 Lines

clang/lib/Sema/SemaExpr.cpp

This file is larger than 256 KB, so syntax highlighting is disabled by default.

Show First 20 Lines • Show All 5,918 Lines • ▼ Show 20 Lines	Sema::ConvertArgumentsForCall(CallExpr Call, Expr Fn,
Invalid = GatherArgumentsForCall(Call->getBeginLoc(), FDecl, Proto, 0, Args,		Invalid = GatherArgumentsForCall(Call->getBeginLoc(), FDecl, Proto, 0, Args,
AllArgs, CallType);		AllArgs, CallType);
if (Invalid)		if (Invalid)
return true;		return true;
unsigned TotalNumArgs = AllArgs.size();		unsigned TotalNumArgs = AllArgs.size();
for (unsigned i = 0; i < TotalNumArgs; ++i)		for (unsigned i = 0; i < TotalNumArgs; ++i)
Call->setArg(i, AllArgs[i]);		Call->setArg(i, AllArgs[i]);

		Call->computeDependence();
return false;		return false;
}		}

bool Sema::GatherArgumentsForCall(SourceLocation CallLoc, FunctionDecl *FDecl,		bool Sema::GatherArgumentsForCall(SourceLocation CallLoc, FunctionDecl *FDecl,
const FunctionProtoType *Proto,		const FunctionProtoType *Proto,
unsigned FirstParam, ArrayRef<Expr *> Args,		unsigned FirstParam, ArrayRef<Expr *> Args,
SmallVectorImpl<Expr *> &AllArgs,		SmallVectorImpl<Expr *> &AllArgs,
VariadicCallType CallType, bool AllowExplicit,		VariadicCallType CallType, bool AllowExplicit,
▲ Show 20 Lines • Show All 896 Lines • ▼ Show 20 Lines	for (unsigned i = 0, e = Args.size(); i != e; i++) {
}		}

if (RequireCompleteType(Arg->getBeginLoc(), Arg->getType(),		if (RequireCompleteType(Arg->getBeginLoc(), Arg->getType(),
diag::err_call_incomplete_argument, Arg))		diag::err_call_incomplete_argument, Arg))
return ExprError();		return ExprError();

TheCall->setArg(i, Arg);		TheCall->setArg(i, Arg);
}		}
		TheCall->computeDependence();
}		}

if (CXXMethodDecl *Method = dyn_cast_or_null<CXXMethodDecl>(FDecl))		if (CXXMethodDecl *Method = dyn_cast_or_null<CXXMethodDecl>(FDecl))
if (!Method->isStatic())		if (!Method->isStatic())
return ExprError(Diag(LParenLoc, diag::err_member_call_without_object)		return ExprError(Diag(LParenLoc, diag::err_member_call_without_object)
<< Fn->getSourceRange());		<< Fn->getSourceRange());

// Check for sentinels		// Check for sentinels
▲ Show 20 Lines • Show All 12,923 Lines • Show Last 20 Lines

clang/test/SemaCXX/recovery-expr-type.cpp

	Show First 20 Lines • Show All 133 Lines • ▼ Show 20 Lines

	void baz() {			void baz() {
	bar(S(123)); // expected-error {{no matching conversion}}			bar(S(123)); // expected-error {{no matching conversion}}
	}			}
	} // namespace test11			} // namespace test11

	namespace test12 {			namespace test12 {
	// Verify we do not crash.			// Verify we do not crash.
	void fun(int *foo = no_such_function()); // expected-error {{undeclared identifier}}			int fun(int *foo = no_such_function()); // expected-error {{undeclared identifier}}
	void baz() { fun(); }			void crash1() { fun(); }
				void crash2() { constexpr int s = fun(); }
	} // namespace test12			} // namespace test12