This is an archive of the discontinued LLVM Phabricator instance.

Paths

Table of Contentst

-
clang/
-
lib/Sema/
-
Sema/
-
SemaInit.cpp
-
test/Sema/
-
Sema/
1/3
init-randomized-struct.c

Differential D124694

[randstruct] Move initializer check to be more effective
ClosedPublic

Authored by void on Apr 29 2022, 1:15 PM.

Download Raw Diff

Details

Reviewers

stuij
MaskRay
aaron.ballman

Commits

rGf2639cf3fe46: [randstruct] Move initializer check to be more effective

Summary

If a randomized structure has an initializer with a dedicated
initializer in it, the field initialzed by that dedicated initializer
may end up at the end of the RecordDecl. This however may skip the
random layout initization check.

struct t {
   int a, b, c, d, e;
} x = { .a = 2, 4, 5, 6 };

Let's say that "a" is lands as the last field after randomization. The
call to CheckDesignatedInitializer sets the iterator to the end of the
initializer list. During the next iteration of the initializer list
check, it detects that and fails to issue the error about initializing
a randomized struct with non-designated initializer. Instead, it issues
an error about "excess elements in struct initializer", which is
confusing under these circumstances.

Diff Detail

Repository: rG LLVM Github Monorepo

Event Timeline

void created this revision.Apr 29 2022, 1:15 PM

Herald added a project: Restricted Project. · View Herald TranscriptApr 29 2022, 1:15 PM

Herald added a subscriber: StephenFan. · View Herald Transcript

void requested review of this revision.Apr 29 2022, 1:15 PM

Herald added a project: Restricted Project. · View Herald TranscriptApr 29 2022, 1:15 PM

Herald added a subscriber: cfe-commits. · View Herald Transcript

Harbormaster completed remote builds in B162052: Diff 426149.Apr 29 2022, 2:57 PM

struct t {
   int a, b, c, d, e;
} x = { .a = 2, 4, 5, 6 };

This situation seems like it should be an error, shouldn't it? The user specified one designated initializer (yay, that one is correct), but the rest are positional initializers and so there's no telling what they actually initialize due to field randomization.

clang/test/Sema/init-randomized-struct.c
1	Why is this change needed? (Also, shouldn't there be other test coverage added to the file?)

In D124694#3485585, @aaron.ballman wrote:
struct t {
   int a, b, c, d, e;
} x = { .a = 2, 4, 5, 6 };
This situation seems like it should be an error, shouldn't it? The user specified one designated initializer (yay, that one is correct), but the rest are positional initializers and so there's no telling what they actually initialize due to field randomization.

That is diagnosed as an error. The issue is that after randomization, the a field is placed at the end of the structure. The initializer checker then sees the .a = 2 and says, "Ah! That's the one at the end of the structure. Any non-designated initializers afterwards will be excess ones," which is what happens. But that warning is completely mysterious to the end users who isn't told that they can't have a non-designated initializer on a randomized structure. Moving the diagnostic check allows the correct warning to be emitted instead of the "excess elements" one.

clang/test/Sema/init-randomized-struct.c
1	That seed is how to replicate this issue. The test exists and is triggered by this change. I can add a comment to that effect.

In D124694#3486547, @void wrote:
In D124694#3485585, @aaron.ballman wrote:
struct t {
   int a, b, c, d, e;
} x = { .a = 2, 4, 5, 6 };
This situation seems like it should be an error, shouldn't it? The user specified one designated initializer (yay, that one is correct), but the rest are positional initializers and so there's no telling what they actually initialize due to field randomization.
That is diagnosed as an error. The issue is that after randomization, the a field is placed at the end of the structure. The initializer checker then sees the .a = 2 and says, "Ah! That's the one at the end of the structure. Any non-designated initializers afterwards will be excess ones," which is what happens. But that warning is completely mysterious to the end users who isn't told that they can't have a non-designated initializer on a randomized structure. Moving the diagnostic allows the correct warning to be emitted instead of the "excess elements" one.

s/is placed/may be places/

In D124694#3486547, @void wrote:
In D124694#3485585, @aaron.ballman wrote:
struct t {
   int a, b, c, d, e;
} x = { .a = 2, 4, 5, 6 };
This situation seems like it should be an error, shouldn't it? The user specified one designated initializer (yay, that one is correct), but the rest are positional initializers and so there's no telling what they actually initialize due to field randomization.
That is diagnosed as an error. The issue is that after randomization, the a field is placed at the end of the structure. The initializer checker then sees the .a = 2 and says, "Ah! That's the one at the end of the structure. Any non-designated initializers afterwards will be excess ones," which is what happens. But that warning is completely mysterious to the end users who isn't told that they can't have a non-designated initializer on a randomized structure. Moving the diagnostic check allows the correct warning to be emitted instead of the "excess elements" one.

Ohhhhh! Thank you for the extra explanation, that makes a lot more sense to me now. LGTM with a commenting request.

clang/test/Sema/init-randomized-struct.c
1	Yeah, adding such a comment would be helpful, both for code archeology and as a hint to others editing the file in the future that this seed value is special and should not be changed.

This revision is now accepted and ready to land.May 3 2022, 4:35 AM

Closed by commit rGf2639cf3fe46: [randstruct] Move initializer check to be more effective (authored by void). · Explain WhyMay 3 2022, 11:23 AM

This revision was automatically updated to reflect the committed changes.

void added a commit: rGf2639cf3fe46: [randstruct] Move initializer check to be more effective.

Revision Contents

Path

Size

clang/

lib/

Sema/

SemaInit.cpp

10 lines

test/

Sema/

init-randomized-struct.c

9 lines

Diff 426788

clang/lib/Sema/SemaInit.cpp

This file is larger than 256 KB, so syntax highlighting is disabled by default.

Show First 20 Lines • Show All 2,164 Lines • ▼ Show 20 Lines	if (DesignatedInitExpr *DIE = dyn_cast<DesignatedInitExpr>(Init)) {
InitializedSomething = true;		InitializedSomething = true;

// Disable check for missing fields when designators are used.		// Disable check for missing fields when designators are used.
// This matches gcc behaviour.		// This matches gcc behaviour.
CheckForMissingFields = false;		CheckForMissingFields = false;
continue;		continue;
}		}

if (Field == FieldEnd) {
// We've run out of fields. We're done.
break;
}

// Check if this is an initializer of forms:		// Check if this is an initializer of forms:
//		//
// struct foo f = {};		// struct foo f = {};
// struct foo g = {0};		// struct foo g = {0};
//		//
// These are okay for randomized structures. [C99 6.7.8p19]		// These are okay for randomized structures. [C99 6.7.8p19]
//		//
// Also, if there is only one element in the structure, we allow something		// Also, if there is only one element in the structure, we allow something
Show All 13 Lines	while (Index < IList->getNumInits()) {
// Don't allow non-designated initializers on randomized structures.		// Don't allow non-designated initializers on randomized structures.
if (RD->isRandomized() && !IsZeroInitializer(Init)) {		if (RD->isRandomized() && !IsZeroInitializer(Init)) {
if (!VerifyOnly)		if (!VerifyOnly)
SemaRef.Diag(InitLoc, diag::err_non_designated_init_used);		SemaRef.Diag(InitLoc, diag::err_non_designated_init_used);
hadError = true;		hadError = true;
break;		break;
}		}

		if (Field == FieldEnd) {
		// We've run out of fields. We're done.
		break;
		}

// We've already initialized a member of a union. We're done.		// We've already initialized a member of a union. We're done.
if (InitializedSomething && DeclType->isUnionType())		if (InitializedSomething && DeclType->isUnionType())
break;		break;

// If we've hit the flexible array member at the end, we're done.		// If we've hit the flexible array member at the end, we're done.
if (Field->getType()->isIncompleteArrayType())		if (Field->getType()->isIncompleteArrayType())
break;		break;

▲ Show 20 Lines • Show All 8,047 Lines • Show Last 20 Lines

clang/test/Sema/init-randomized-struct.c

	// RUN: %clang_cc1 -triple=x86_64-unknown-linux -frandomize-layout-seed=1234567890abcdef \			// RUN: %clang_cc1 -triple=x86_64-unknown-linux -frandomize-layout-seed=1234567890abcded \
				aaron.ballmanUnsubmitted Not Done Reply Inline Actions Why is this change needed? (Also, shouldn't there be other test coverage added to the file?) aaron.ballman: Why is this change needed? (Also, shouldn't there be other test coverage added to the file?)
				voidAuthorUnsubmitted Done Reply Inline Actions That seed is how to replicate this issue. The test exists and is triggered by this change. I can add a comment to that effect. void: That seed is how to replicate this issue. The test exists and is triggered by this change. I…
				aaron.ballmanUnsubmitted Not Done Reply Inline Actions Yeah, adding such a comment would be helpful, both for code archeology and as a hint to others editing the file in the future that this seed value is special and should not be changed. aaron.ballman: Yeah, adding such a comment would be helpful, both for code archeology and as a hint to others…
	// RUN: -verify -fsyntax-only -Werror %s			// RUN: -verify -fsyntax-only -Werror %s

				// NOTE: The current seed (1234567890abcded) is specifically chosen because it
				// uncovered a bug in diagnostics. With it the randomization of "t9" places the
				// "a" element at the end of the record. When that happens, the clang complains
				// about excessive initializers, which is confusing, because there aren't
				// excessive initializers. It should instead complain about using a
				// non-designated initializer on a raqndomized struct.

	// Initializing a randomized structure requires a designated initializer,			// Initializing a randomized structure requires a designated initializer,
	// otherwise the element ordering will be off. The only exceptions to this rule			// otherwise the element ordering will be off. The only exceptions to this rule
	// are:			// are:
	//			//
	// - A structure with only one element, and			// - A structure with only one element, and
	// - A structure initialized with "{0}".			// - A structure initialized with "{0}".
	//			//
	// These are well-defined situations where the field ordering doesn't affect			// These are well-defined situations where the field ordering doesn't affect
	▲ Show 20 Lines • Show All 59 Lines • Show Last 20 Lines