This is an archive of the discontinued LLVM Phabricator instance.

Differential D121475

[Clang][Sema] Avoid crashing for `__builtin_memcpy_inline` with an array argument
ClosedPublic

Authored by egorzhdan on Mar 11 2022, 10:01 AM.

Details

Reviewers
gchatelet
Commits
rG6ca2f1938f96: [Clang][Sema] Avoid crashing for `__builtin_memcpy_inline` with an array…
Summary

This change teaches the Sema logic for __builtin_memcpy_inline to implicitly convert arrays passed as arguments to pointers, similarly to regular memcpy.

This code will no longer cause a compiler crash:

void f(char *p) {
    char s[1] = {0};
    __builtin_memcpy_inline(p, s, 1);
}

rdar://88147527

Diff Detail

Event Timeline

egorzhdan created this revision.Mar 11 2022, 10:01 AM
Herald added a project: Restricted Project. · View Herald TranscriptMar 11 2022, 10:02 AM
egorzhdan requested review of this revision.Mar 11 2022, 10:02 AM
Herald added a project: Restricted Project. · View Herald TranscriptMar 11 2022, 10:02 AM
Herald added a subscriber: cfe-commits. · View Herald Transcript
Harbormaster completed remote builds in B153792: Diff 414688.Mar 11 2022, 10:43 AM
gchatelet accepted this revision.Mar 14 2022, 2:19 AM

Thx for the patch, please address the comment before submitting.

clang/lib/Sema/SemaChecking.cpp
1946–1953

[nit] It's unclear looking at the function name that it's failing when returning true - one has to read the code to understand. It may be fine now but could become messy with time and refactoring.
Either change the lambda's name FailArgArrayConversion or negate everything.

This revision is now accepted and ready to land.Mar 14 2022, 2:19 AM
egorzhdan updated this revision to Diff 415069.Mar 14 2022, 5:11 AM

Rename a lambda to improve readability

egorzhdan marked an inline comment as done.Mar 14 2022, 5:12 AM
gchatelet accepted this revision.Mar 14 2022, 5:34 AM

Much better, thank you.

Harbormaster completed remote builds in B154084: Diff 415069.Mar 14 2022, 5:42 AM
Closed by commit rG6ca2f1938f96: [Clang][Sema] Avoid crashing for `__builtin_memcpy_inline` with an array… (authored by egorzhdan). · Explain WhyMar 14 2022, 5:47 AM
This revision was automatically updated to reflect the committed changes.
egorzhdan added a commit: rG6ca2f1938f96: [Clang][Sema] Avoid crashing for `__builtin_memcpy_inline` with an array….

Revision Contents

PathSize
clang/
lib/
Sema/
11 lines
test/
Sema/
6 lines

Diff 415073

clang/lib/Sema/SemaChecking.cpp

  • This file is larger than 256 KB, so syntax highlighting is disabled by default.
Show First 20 LinesShow All 1,937 Lines▼ Show 20 LinesSema::CheckBuiltinFunctionCall(FunctionDecl *FDecl, unsigned BuiltinID,
case Builtin::BI__sync_synchronize: case Builtin::BI__sync_synchronize:
Diag(TheCall->getBeginLoc(), diag::warn_atomic_implicit_seq_cst) Diag(TheCall->getBeginLoc(), diag::warn_atomic_implicit_seq_cst)
<< TheCall->getCallee()->getSourceRange(); << TheCall->getCallee()->getSourceRange();
break; break;
case Builtin::BI__builtin_nontemporal_load: case Builtin::BI__builtin_nontemporal_load:
case Builtin::BI__builtin_nontemporal_store: case Builtin::BI__builtin_nontemporal_store:
return SemaBuiltinNontemporalOverloaded(TheCallResult); return SemaBuiltinNontemporalOverloaded(TheCallResult);
case Builtin::BI__builtin_memcpy_inline: { case Builtin::BI__builtin_memcpy_inline: {
auto ArgArrayConversionFailed = [&](unsigned Arg) {
ExprResult ArgExpr =
DefaultFunctionArrayLvalueConversion(TheCall->getArg(Arg));
if (ArgExpr.isInvalid())
return true;
TheCall->setArg(Arg, ArgExpr.get());
return false;
};
gchateletUnsubmitted
Done
ReplyInline Actions

[nit] It's unclear looking at the function name that it's failing when returning true - one has to read the code to understand. It may be fine now but could become messy with time and refactoring.
Either change the lambda's name FailArgArrayConversion or negate everything.

gchatelet: [nit] It's unclear looking at the function name that it's failing when returning `true` - one…
if (ArgArrayConversionFailed(0) || ArgArrayConversionFailed(1))
return true;
clang::Expr *SizeOp = TheCall->getArg(2); clang::Expr *SizeOp = TheCall->getArg(2);
// We warn about copying to or from `nullptr` pointers when `size` is // We warn about copying to or from `nullptr` pointers when `size` is
// greater than 0. When `size` is value dependent we cannot evaluate its // greater than 0. When `size` is value dependent we cannot evaluate its
// value so we bail out. // value so we bail out.
if (SizeOp->isValueDependent()) if (SizeOp->isValueDependent())
break; break;
if (!SizeOp->EvaluateKnownConstInt(Context).isZero()) { if (!SizeOp->EvaluateKnownConstInt(Context).isZero()) {
CheckNonNullArgument(*this, TheCall->getArg(0), TheCall->getExprLoc()); CheckNonNullArgument(*this, TheCall->getArg(0), TheCall->getExprLoc());
▲ Show 20 LinesShow All 15,394 LinesShow Last 20 Lines

clang/test/Sema/builtins-memcpy-inline.cpp

Show All 30 Linesvoid test_memcpy_inline_non_constant_size(void *dst, const void *src, unsigned size) {
__builtin_memcpy_inline(dst, src, size); // expected-error {{argument to '__builtin_memcpy_inline' must be a constant integer}} __builtin_memcpy_inline(dst, src, size); // expected-error {{argument to '__builtin_memcpy_inline' must be a constant integer}}
} }
template <unsigned size> template <unsigned size>
void test_memcpy_inline_template(void *dst, const void *src) { void test_memcpy_inline_template(void *dst, const void *src) {
// we do not try to evaluate size in non intantiated templates. // we do not try to evaluate size in non intantiated templates.
__builtin_memcpy_inline(dst, src, size); __builtin_memcpy_inline(dst, src, size);
} }
void test_memcpy_inline_implicit_conversion(void *ptr) {
char a[5];
__builtin_memcpy_inline(ptr, a, 5);
__builtin_memcpy_inline(a, ptr, 5);
}