This is an archive of the discontinued LLVM Phabricator instance.

Differential D111417

[Demangle] Add support for D symbols back referencing
ClosedPublic

Authored by ljmf00 on Oct 8 2021, 8:24 AM.

Details

Reviewers
dblaikie
Commits
rGbec08795db0d: [Demangle] Add support for D symbols back referencing
Summary
This patch adds support for identifier back referencing allowing compressed
mangled names by avoiding repetitiveness.

Signed-off-by: Luís Ferreira <contact@lsferreira.net>

Diff Detail

Event Timeline

ljmf00 created this revision.Oct 8 2021, 8:24 AM
Herald added a subscriber: hiraditya. · View Herald TranscriptOct 8 2021, 8:24 AM
ljmf00 requested review of this revision.Oct 8 2021, 8:24 AM
Herald added a subscriber: llvm-commits. · View Herald TranscriptOct 8 2021, 8:24 AM
Harbormaster completed remote builds in B127774: Diff 378231.Oct 8 2021, 8:25 AM
ljmf00 added a parent revision: D111416: [Demangle] Add minimal support for D simple basic types.Oct 8 2021, 8:25 AM
ljmf00 added a child revision: D111419: [Demangle] Add support for D types back referencing.
ljmf00 added subscribers: dblaikie, Geod24.Oct 8 2021, 9:07 AM
ljmf00 mentioned this in D110576: [Demangle] Add support for D programming language.Oct 8 2021, 11:25 AM
dblaikie added a comment.Oct 8 2021, 5:32 PM

Looks like this is a bit undertested - the number encoding supports uppercase values, but I don't think the test case tests any uppercase (multi-digit/character encoded) values, for instance? As well as various (I count about 3-4 or so, at least) different encoding failure cases that should probably be tested too.

llvm/lib/Demangle/DLangDemangle.cpp
73–84

Perhaps it'd make sense if this took Mangled as a const char** in/out, and returned Optional<Ret>? (both callers overwrite their Mangled parameter with the return result anyway - so seems simpler for it to be in/out?) if Optional isn't available, maybe long min, -1, something could be the invalid result value?

(similarly for decodeBackref)

222–223

is this an overflow check? Can it be reached if the other overflow check at 379 succeeds? (is it tested?)

238–239

Looks like this condition's probably untested? Should it be removed or turned into an assertion?

ljmf00 updated this revision to Diff 397753.Jan 5 2022, 5:30 PM
ljmf00 updated this revision to Diff 397754.Jan 5 2022, 5:35 PM
ljmf00 added inline comments.
llvm/lib/Demangle/DLangDemangle.cpp
73–84

As is, I understand your point, but what if I want to preserve Mangled and use decodeBackref/decodeBackrefPos as an expression for an if, strcmp or else? e.g. On the patch I introduce integer literal values I use decodeBackref like the following:

if (decodeBackref(Mangled, &Backref) == nullptr)
{
    //...
}

If I pass a reference of Mangled and use old Mangled inside, I would need to preserve a copy of its old position to make sure it won't be a "dirty" value. e.g. back reference "AAAA0", will produce a dirty Mangled and can produce bad behaviour afterwards.

222–223

This is a safe check when casting to long. The above overflow check is for unsigned long, but Ret is a long value. This is being done that way because signed overflow checks are considered undefined behaviour, since there is various ways to represent a signed value in different CPU targets. I checked locally, _D8demangleQDXXXXXXXXXXXXx triggers it with the fuzzer when that code is commented, so I'm going to add this to the test suite.

238–239

Well this shouldn't happen and since those methods are not exposed somewhere else, the compiler can optimize this out easily. I think it is reasonable to keep this check as a safety measure, although if we do some action, I maybe prefer to assert it. In my vision, triggering an assert on, e.g. a failed demangling for a linker error is worse than just outputting the mangled symbol anyway (nullptr will make llvm::demangle fallback to the initial Mangled reference). It is also worth mentioning that removing this when assert are disabled in release mode, can produce wrong and hard to debug behaviour.

Harbormaster completed remote builds in B141808: Diff 397754.Jan 5 2022, 6:06 PM
dblaikie added inline comments.Jan 5 2022, 7:28 PM
llvm/lib/Demangle/DLangDemangle.cpp
73–84

Fair enough, if there are future use cases that won't immediately overwrite Mangled, sounds good.

Ret should probably be passed by reference here, and in decodeBackref if they can't be null?

222–223

The fuzzer trips ubsan with this <= 0 check commented out, for this test case? OK, great - thanks for explaining & adding the test case!

Hmm, I'm still not quite sure how this overflow could occur, if the check on line 214 passed. Could you walk me through a specific value of Val at the start of the loop that passes the initial overflow check, but then fails this one? And/or could you explain what the - 25 is for in the earlier overflow check. I'm reading that as "make sure it's not too close to the end, so there's room to add the next value" but maybe it's for some other purpose?

238–239

Sorry, not sure I'm following. Generally if the code can't be reached, it should be an assert, not a runtime check - adding defensive coding to support behavior if there are other bugs in the code isn't something we should be doing. This ensures the code doesn't have "haunted graveyard" kind of effects where code becomes hard to maintain because it's unclear why it's there in the first place, isn't tested, etc. Assertions document the intended invariants in a piece of code that make it easier for developers to make changes in the future.

It is also worth mentioning that removing this when assert are disabled in release mode, can produce wrong and hard to debug behaviour.

It can produce wrong/hard to debug behavior if there's some other bug in the code, yes? Generally the first thing LLVM developers do if they encounter problematic behavior, is run it with an assertions-enabled build which should help diagnose the issue. There's some further discussion here: https://llvm.org/docs/CodingStandards.html#assert-liberally

ljmf00 updated this revision to Diff 399037.Jan 11 2022, 12:12 PM
ljmf00 added a comment.Jan 11 2022, 12:15 PM

I simplified the symbol back referencing. I thought that referencing a back reference was permitted by the ABI spec, but it was pointing to the same position, so it is redundant to add two back-references. I also added a comment on the nullptr tests to describe what it is testing. In the case of Qa, it references itself and hangs.

llvm/lib/Demangle/DLangDemangle.cpp
73–84

Fixed. I will also introduce a patch in the stack to make decodeNumber use Ret by reference, instead.

222–223

The fuzzer trips with Asan, since Ret value is used to offset the current position to discover the back reference. Since it is documented in decodeBackrefPos that Ret is required to be > 0 on success, negative values aren't checked, bad offset memory is dereferenced later, and it eventually segfaults.

All the math operations are made with unsigned long and then casted to a long value, at the end. Lets consider a 64-bit unsigned long, with max capacity of (2^64 - 1). If we consider ((ulong.max - 25) / 26) - 10 (709490156681136589), I can safely do both operations of multiply and add (709490156681136589 * 26 + 25 == 18446744073709551339) and still have a negative value when casting it to long. This would obviously depend on how signed numbers are represented in hardware but will likely produce -277 if two's complement. https://godbolt.org/z/1GaMzzcxj

In another perspective, the last check is here to make sure that a value in unsigned long or long values are the same.

238–239

Right, your points made me change my point of view on that and makes perfect sense, since this is supposed to never ever happen. I was skeptical by the fact that it would produce a wrong behaviour if asserts were disabled, but this end up being easier to debug if, with the same input we trigger the assert.

Harbormaster completed remote builds in B142715: Diff 399037.Jan 11 2022, 1:25 PM
dblaikie accepted this revision.Jan 11 2022, 6:04 PM

Looks good, thanks!

llvm/lib/Demangle/DLangDemangle.cpp
80

Since the function already communicates failure via a null return - should this maybe be an invariant/assertion/postcondition ("Ret is always >=0 on success, and unspecified on failure" or something like that?)

222–223

Ah, thanks for walking me through it!

This revision is now accepted and ready to land.Jan 11 2022, 6:04 PM
ljmf00 updated this revision to Diff 399182.Jan 11 2022, 7:23 PM
ljmf00 added inline comments.
llvm/lib/Demangle/DLangDemangle.cpp
80

Right. Changed the documentation as suggested.

Harbormaster completed remote builds in B142820: Diff 399182.Jan 11 2022, 8:52 PM
This revision was landed with ongoing or failed builds.Jan 12 2022, 2:02 PM
Closed by commit rGbec08795db0d: [Demangle] Add support for D symbols back referencing (authored by ljmf00). · Explain Why
This revision was automatically updated to reflect the committed changes.
ljmf00 added a commit: rGbec08795db0d: [Demangle] Add support for D symbols back referencing.

Revision Contents

PathSize
llvm/
lib/
Demangle/
142 lines
unittests/
Demangle/
5 lines

Diff 397753

llvm/lib/Demangle/DLangDemangle.cpp

Show First 20 LinesShow All 64 Lines▼ Show 20 Linesprivate:
/// ///
/// \return The remaining string on success or nullptr on failure. /// \return The remaining string on success or nullptr on failure.
/// ///
/// \note A result larger than UINT_MAX is considered a failure. /// \note A result larger than UINT_MAX is considered a failure.
/// ///
/// \see https://dlang.org/spec/abi.html#Number . /// \see https://dlang.org/spec/abi.html#Number .
const char *decodeNumber(const char *Mangled, unsigned long *Ret); const char *decodeNumber(const char *Mangled, unsigned long *Ret);
/// Extract the back reference position from a given string.
///
/// \param Mangled string to extract the back reference position.
/// \param Ret assigned result value.
///
/// \return the remaining string on success or nullptr on failure.
///
/// \note a result <= 0 is a failure.
dblaikieUnsubmitted
Not Done
ReplyInline Actions

Since the function already communicates failure via a null return - should this maybe be an invariant/assertion/postcondition ("Ret is always >=0 on success, and unspecified on failure" or something like that?)

dblaikie: Since the function already communicates failure via a null return - should this maybe be an…
ljmf00AuthorUnsubmitted
Done
ReplyInline Actions

Right. Changed the documentation as suggested.

ljmf00: Right. Changed the documentation as suggested.
///
/// \see https://dlang.org/spec/abi.html#back_ref .
/// \see https://dlang.org/spec/abi.html#NumberBackRef .
const char *decodeBackrefPos(const char *Mangled, long *Ret);
dblaikieUnsubmitted
Not Done
ReplyInline Actions

Perhaps it'd make sense if this took Mangled as a const char** in/out, and returned Optional<Ret>? (both callers overwrite their Mangled parameter with the return result anyway - so seems simpler for it to be in/out?) if Optional isn't available, maybe long min, -1, something could be the invalid result value?

(similarly for decodeBackref)

dblaikie: Perhaps it'd make sense if this took Mangled as a const char** in/out, and returned…
ljmf00AuthorUnsubmitted
Done
ReplyInline Actions

As is, I understand your point, but what if I want to preserve Mangled and use decodeBackref/decodeBackrefPos as an expression for an if, strcmp or else? e.g. On the patch I introduce integer literal values I use decodeBackref like the following:

if (decodeBackref(Mangled, &Backref) == nullptr)
{
    //...
}

If I pass a reference of Mangled and use old Mangled inside, I would need to preserve a copy of its old position to make sure it won't be a "dirty" value. e.g. back reference "AAAA0", will produce a dirty Mangled and can produce bad behaviour afterwards.

ljmf00: As is, I understand your point, but what if I want to preserve Mangled and use…
dblaikieUnsubmitted
Not Done
ReplyInline Actions

Fair enough, if there are future use cases that won't immediately overwrite Mangled, sounds good.

Ret should probably be passed by reference here, and in decodeBackref if they can't be null?

dblaikie: Fair enough, if there are future use cases that won't immediately overwrite `Mangled`, sounds…
ljmf00AuthorUnsubmitted
Done
ReplyInline Actions

Fixed. I will also introduce a patch in the stack to make decodeNumber use Ret by reference, instead.

ljmf00: Fixed. I will also introduce a patch in the stack to make decodeNumber use Ret by reference…
/// Extract the symbol pointed by the back reference form a given string.
///
/// \param Mangled string to extract the back reference position.
/// \param Ret assigned result value.
///
/// \return the remaining string on success or nullptr on failure.
///
/// \see https://dlang.org/spec/abi.html#back_ref .
const char *decodeBackref(const char *Mangled, const char **Ret);
/// Extract and demangle backreferenced symbol from a given mangled symbol
/// and append it to the output string.
///
/// \param Demangled output buffer to write the demangled name.
/// \param Mangled mangled symbol to be demangled.
///
/// \return the remaining string on success or nullptr on failure.
///
/// \see https://dlang.org/spec/abi.html#back_ref .
/// \see https://dlang.org/spec/abi.html#IdentifierBackRef .
const char *parseSymbolBackref(OutputBuffer *Demangled, const char *Mangled);
/// Check whether it is the beginning of a symbol name. /// Check whether it is the beginning of a symbol name.
/// ///
/// \param Mangled string to extract the symbol name. /// \param Mangled string to extract the symbol name.
/// ///
/// \return true on success, false otherwise. /// \return true on success, false otherwise.
/// ///
/// \see https://dlang.org/spec/abi.html#SymbolName . /// \see https://dlang.org/spec/abi.html#SymbolName .
bool isSymbolName(const char *Mangled); bool isSymbolName(const char *Mangled);
▲ Show 20 LinesShow All 71 Lines▼ Show 20 Linesconst char *Demangler::decodeNumber(const char *Mangled, unsigned long *Ret) {
if (*Mangled == '\0') if (*Mangled == '\0')
return nullptr; return nullptr;
*Ret = Val; *Ret = Val;
return Mangled; return Mangled;
} }
const char *Demangler::decodeBackrefPos(const char *Mangled, long *Ret) {
// Return nullptr if trying to extract something that isn't a digit
if (Mangled == nullptr || !std::isalpha(*Mangled))
return nullptr;
// Any identifier or non-basic type that has been emitted to the mangled
// symbol before will not be emitted again, but is referenced by a special
// sequence encoding the relative position of the original occurrence in the
// mangled symbol name.
// Numbers in back references are encoded with base 26 by upper case letters
// A-Z for higher digits but lower case letters a-z for the last digit.
// NumberBackRef:
// [a-z]
// [A-Z] NumberBackRef
// ^
unsigned long Val = 0;
while (std::isalpha(*Mangled)) {
// Check for overflow
if (Val > (std::numeric_limits<unsigned long>::max() - 25) / 26)
break;
Val *= 26;
if (Mangled[0] >= 'a' && Mangled[0] <= 'z') {
Val += Mangled[0] - 'a';
if ((long)Val <= 0)
break;
*Ret = Val;
dblaikieUnsubmitted
Not Done
ReplyInline Actions

is this an overflow check? Can it be reached if the other overflow check at 379 succeeds? (is it tested?)

dblaikie: is this an overflow check? Can it be reached if the other overflow check at 379 succeeds? (is…
ljmf00AuthorUnsubmitted
Done
ReplyInline Actions

This is a safe check when casting to long. The above overflow check is for unsigned long, but Ret is a long value. This is being done that way because signed overflow checks are considered undefined behaviour, since there is various ways to represent a signed value in different CPU targets. I checked locally, _D8demangleQDXXXXXXXXXXXXx triggers it with the fuzzer when that code is commented, so I'm going to add this to the test suite.

ljmf00: This is a safe check when casting to long. The above overflow check is for unsigned long, but…
dblaikieUnsubmitted
Not Done
ReplyInline Actions

The fuzzer trips ubsan with this <= 0 check commented out, for this test case? OK, great - thanks for explaining & adding the test case!

Hmm, I'm still not quite sure how this overflow could occur, if the check on line 214 passed. Could you walk me through a specific value of Val at the start of the loop that passes the initial overflow check, but then fails this one? And/or could you explain what the - 25 is for in the earlier overflow check. I'm reading that as "make sure it's not too close to the end, so there's room to add the next value" but maybe it's for some other purpose?

dblaikie: The fuzzer trips ubsan with this `<= 0` check commented out, for this test case? OK, great…
ljmf00AuthorUnsubmitted
Done
ReplyInline Actions

The fuzzer trips with Asan, since Ret value is used to offset the current position to discover the back reference. Since it is documented in decodeBackrefPos that Ret is required to be > 0 on success, negative values aren't checked, bad offset memory is dereferenced later, and it eventually segfaults.

All the math operations are made with unsigned long and then casted to a long value, at the end. Lets consider a 64-bit unsigned long, with max capacity of (2^64 - 1). If we consider ((ulong.max - 25) / 26) - 10 (709490156681136589), I can safely do both operations of multiply and add (709490156681136589 * 26 + 25 == 18446744073709551339) and still have a negative value when casting it to long. This would obviously depend on how signed numbers are represented in hardware but will likely produce -277 if two's complement. https://godbolt.org/z/1GaMzzcxj

In another perspective, the last check is here to make sure that a value in unsigned long or long values are the same.

ljmf00: The fuzzer trips with Asan, since Ret value is used to offset the current position to discover…
dblaikieUnsubmitted
Not Done
ReplyInline Actions

Ah, thanks for walking me through it!

dblaikie: Ah, thanks for walking me through it!
return Mangled + 1;
}
Val += Mangled[0] - 'A';
++Mangled;
}
return nullptr;
}
const char *Demangler::decodeBackref(const char *Mangled, const char **Ret) {
*Ret = nullptr;
if (Mangled == nullptr || *Mangled != 'Q')
return nullptr;
dblaikieUnsubmitted
Not Done
ReplyInline Actions

Looks like this condition's probably untested? Should it be removed or turned into an assertion?

dblaikie: Looks like this condition's probably untested? Should it be removed or turned into an assertion?
ljmf00AuthorUnsubmitted
Done
ReplyInline Actions

Well this shouldn't happen and since those methods are not exposed somewhere else, the compiler can optimize this out easily. I think it is reasonable to keep this check as a safety measure, although if we do some action, I maybe prefer to assert it. In my vision, triggering an assert on, e.g. a failed demangling for a linker error is worse than just outputting the mangled symbol anyway (nullptr will make llvm::demangle fallback to the initial Mangled reference). It is also worth mentioning that removing this when assert are disabled in release mode, can produce wrong and hard to debug behaviour.

ljmf00: Well this shouldn't happen and since those methods are not exposed somewhere else, the compiler…
dblaikieUnsubmitted
Not Done
ReplyInline Actions

Sorry, not sure I'm following. Generally if the code can't be reached, it should be an assert, not a runtime check - adding defensive coding to support behavior if there are other bugs in the code isn't something we should be doing. This ensures the code doesn't have "haunted graveyard" kind of effects where code becomes hard to maintain because it's unclear why it's there in the first place, isn't tested, etc. Assertions document the intended invariants in a piece of code that make it easier for developers to make changes in the future.

It is also worth mentioning that removing this when assert are disabled in release mode, can produce wrong and hard to debug behaviour.

It can produce wrong/hard to debug behavior if there's some other bug in the code, yes? Generally the first thing LLVM developers do if they encounter problematic behavior, is run it with an assertions-enabled build which should help diagnose the issue. There's some further discussion here: https://llvm.org/docs/CodingStandards.html#assert-liberally

dblaikie: Sorry, not sure I'm following. Generally if the code can't be reached, it should be an assert…
ljmf00AuthorUnsubmitted
Done
ReplyInline Actions

Right, your points made me change my point of view on that and makes perfect sense, since this is supposed to never ever happen. I was skeptical by the fact that it would produce a wrong behaviour if asserts were disabled, but this end up being easier to debug if, with the same input we trigger the assert.

ljmf00: Right, your points made me change my point of view on that and makes perfect sense, since this…
// Position of 'Q'
const char *Qpos = Mangled;
long RefPos;
++Mangled;
Mangled = decodeBackrefPos(Mangled, &RefPos);
if (Mangled == nullptr)
return nullptr;
if (RefPos > Qpos - Str)
return nullptr;
// Set the position of the back reference.
*Ret = Qpos - RefPos;
return Mangled;
}
const char *Demangler::parseSymbolBackref(OutputBuffer *Demangled,
const char *Mangled) {
// An identifier back reference always points to a digit 0 to 9.
// IdentifierBackRef:
// Q NumberBackRef
// ^
const char *Backref;
unsigned long Len;
// Get position of the back reference
Mangled = decodeBackref(Mangled, &Backref);
// Must point to a simple identifier
Backref = decodeNumber(Backref, &Len);
if (Backref == nullptr || strlen(Backref) < Len)
return nullptr;
Backref = parseLName(Demangled, Backref, Len);
if (Backref == nullptr)
return nullptr;
return Mangled;
}
bool Demangler::isSymbolName(const char *Mangled) { bool Demangler::isSymbolName(const char *Mangled) {
long Ret;
const char *Qref = Mangled;
if (std::isdigit(*Mangled)) if (std::isdigit(*Mangled))
return true; return true;
// TODO: Handle symbol back references and template instances. // TODO: Handle template instances.
if (*Mangled != 'Q')
return false; return false;
Mangled = decodeBackrefPos(Mangled + 1, &Ret);
if (Mangled == nullptr || Ret > Qref - Str)
return false;
return std::isdigit(Qref[-Ret]);
} }
const char *Demangler::parseMangle(OutputBuffer *Demangled, const char *Demangler::parseMangle(OutputBuffer *Demangled,
const char *Mangled) { const char *Mangled) {
// A D mangled symbol is comprised of both scope and type information. // A D mangled symbol is comprised of both scope and type information.
// MangleName: // MangleName:
// _D QualifiedName Type // _D QualifiedName Type
// _D QualifiedName Z // _D QualifiedName Z
▲ Show 20 LinesShow All 65 Lines▼ Show 20 Lines
const char *Demangler::parseIdentifier(OutputBuffer *Demangled, const char *Demangler::parseIdentifier(OutputBuffer *Demangled,
const char *Mangled) { const char *Mangled) {
unsigned long Len; unsigned long Len;
if (Mangled == nullptr || *Mangled == '\0') if (Mangled == nullptr || *Mangled == '\0')
return nullptr; return nullptr;
// TODO: Parse back references and lengthless template instances. if (*Mangled == 'Q')
return parseSymbolBackref(Demangled, Mangled);
// TODO: Parse lengthless template instances.
const char *Endptr = decodeNumber(Mangled, &Len); const char *Endptr = decodeNumber(Mangled, &Len);
if (Endptr == nullptr || Len == 0) if (Endptr == nullptr || Len == 0)
return nullptr; return nullptr;
if (strlen(Endptr) < Len) if (strlen(Endptr) < Len)
return nullptr; return nullptr;
▲ Show 20 LinesShow All 151 LinesShow Last 20 Lines

llvm/unittests/Demangle/DLangDemangleTest.cpp

Show First 20 LinesShow All 44 Lines▼ Show 20 Lines testing::Values(
std::make_pair("_D8demangle4test11__InterfaceZ", std::make_pair("_D8demangle4test11__InterfaceZ",
"Interface for demangle.test"), "Interface for demangle.test"),
std::make_pair("_D8demangle4test12__ModuleInfoZ", std::make_pair("_D8demangle4test12__ModuleInfoZ",
"ModuleInfo for demangle.test"), "ModuleInfo for demangle.test"),
std::make_pair("_D8demangle4__S14testZ", "demangle.test"), std::make_pair("_D8demangle4__S14testZ", "demangle.test"),
std::make_pair("_D8demangle4__Sd4testZ", "demangle.__Sd.test"), std::make_pair("_D8demangle4__Sd4testZ", "demangle.__Sd.test"),
std::make_pair("_D8demangle1ii", "demangle.i"), std::make_pair("_D8demangle1ii", "demangle.i"),
std::make_pair("_D8demangle1vv", "demangle.v"), std::make_pair("_D8demangle1vv", "demangle.v"),
std::make_pair("_D8demangle1iinvalidtypeseq", nullptr))); // invalid type sequence std::make_pair("_D8demangle1iinvalidtypeseq", nullptr), // invalid type sequence
std::make_pair("_D8demangle3ABCQeQg1ai", "demangle.ABC.ABC.ABC.a"),
std::make_pair("_D8demangle3ABCQeQaaaa1ai", nullptr), // invalid symbol back reference
std::make_pair("_D8demangleQDXXXXXXXXXXXXx", nullptr)));