This is an archive of the discontinued LLVM Phabricator instance.

Differential D125167

[WIP] Fix member access of anonymous struct/union fields in C
AcceptedPublic

Authored by aaron.ballman on May 7 2022, 7:39 AM.

Details

Reviewers
rsmith
nickdesaulniers
erichkeane
jyknight
Group Reviewers
Restricted Project
Summary

We were accepting invalid code where the qualifiers of the anonymous structure were not taken into account when forming a member access to one of the indirect fields, as in:

struct S {
  const struct {
    int i;
  };
} s;

void foo(void) {
  s.i = 12; // previously accepted, now rejected
}

We now expose the anonymous structure's field as having a qualified type instead of an unqualified type so that access checking notes that an intermediate object in the expression is qualified. We also adjusted the diagnostic so that it's slightly more user friendly despite this being a rather rare case.

Note, this only impacts C; in C++ and with the Microsoft C anonymous structure extension, the qualifiers are stripped.

Fixes #48099

Diff Detail

Event Timeline

aaron.ballman created this revision.May 7 2022, 7:39 AM
Herald added a project: Restricted Project. · View Herald TranscriptMay 7 2022, 7:39 AM
aaron.ballman requested review of this revision.May 7 2022, 7:39 AM
Herald added a project: Restricted Project. · View Herald TranscriptMay 7 2022, 7:39 AM
Harbormaster completed remote builds in B163321: Diff 427864.May 7 2022, 8:06 AM
aaron.ballman retitled this revision from Fix member access of anonymous struct/union fields in C to [WIP] Fix member access of anonymous struct/union fields in C.May 7 2022, 8:37 AM

I'm marking this as a WIP -- the content is ready to go, but I'm no longer convinced we want to implement this for GCC compatibility as GCC is the only C compiler I can find that cares about the qualifiers: https://godbolt.org/z/hTqY8zMb5

tahonermann added a subscriber: tahonermann.May 9 2022, 8:56 AM
tahonermann added inline comments.
clang/docs/ReleaseNotes.rst
152–157

Perhaps the first sentence should clarify that it applies only to C modes? Though the code changes don't appear to be specific to C.

I'm confused by "Note that qualifiers are ignored in C++ and for Microsoft's extension of anonymous objects". I find it very surprising that cv-qualifiers would be ignored in C++. Unless there is a relevant core issue?

clang/test/Sema/anonymous-struct-union.c
137–140

Top-level cv-qualifiers are ignored in generic selection expressions, so I'm not sure what these assertions are intended to ensure.

aaron.ballman added inline comments.May 9 2022, 9:10 AM
clang/docs/ReleaseNotes.rst
152–157

I can definitely clarify if we decide to go this route.

The C++ behavior is intentional (https://github.com/llvm/llvm-project/blob/main/clang/lib/Sema/SemaDecl.cpp#L5352) but perhaps emergent as the C++ standard is silent on qualifiers on the anonymous union object, but all C++ implementations agree to ignore the qualifiers: https://godbolt.org/z/7Wd8Kn5Mf.

clang/test/Sema/anonymous-struct-union.c
137–140

I think this is the second time I've been caught by that. I keep expecting that the "no two associations can use compatible types" to make that situation an error.

I almost wonder if we should give a warning in cases where an association type is qualified (or is an array/function type rather than a decayed pointer)?

tahonermann added inline comments.May 9 2022, 9:19 AM
clang/test/Sema/anonymous-struct-union.c
137–140

I was surprised when I first learned of this behavior too; it hobbles the utility of generic selection expressions in some cases.

A warning like you suggest does seem appropriate. I'm not aware of any way in which a cv-qualified or non-decayed association type can be used in any useful manner (other than to show that a compiler is not behaving properly). If there is such a use, I would be interested in knowing what it is!

nickdesaulniers mentioned this in D95408: [Sema][C] members of anonymous struct inherit QualType.May 9 2022, 12:05 PM
nickdesaulniers accepted this revision.May 9 2022, 12:10 PM

Consider adding an AST test; that was something that came up in my patch https://reviews.llvm.org/D95408.

I'm pushing back on the WG14 lists to see if this is a good opportunity to clarify the other direction and be compatible with C++ in the process.

It would really be good to have some clarification from WG14 added to the spec; as is, code is being written in the Linux kernel that uses this functionality to avoid marking all members of an anonymous aggregate as const. This is resulting in code being submitted where clang doesn't error on modification of such members, while GCC errors, so such patches are rejected. So developers using clang are getting caught off guard for a code base that needs to be compiler portable.

Kernel developers were of the opinion that it is nice syntactic sugar. For that reason, I agree with them. But I'm also fine leaving this out of clang until the spec is amended to clarify. That said, if WG14 doesn't pursue this (but doesn't reject or accept), I'd like to have this in clang sooner for better compatibility with GCC. It is too bad though if WG14 chooses to further diverge C from C++ over this...

This revision is now accepted and ready to land.May 9 2022, 12:10 PM

Revision Contents

PathSize
clang/
docs/
6 lines
include/
clang/
Basic/
4 lines
lib/
Sema/
9 lines
45 lines
test/
Sema/
23 lines
34 lines

Diff 427864

clang/docs/ReleaseNotes.rst

Show First 20 LinesShow All 143 Lines▼ Show 20 Lines
- Fixed a false positive diagnostic about an unevaluated expression having no - Fixed a false positive diagnostic about an unevaluated expression having no
side effects when the expression is of VLA type and is an operand of the side effects when the expression is of VLA type and is an operand of the
``sizeof`` operator. Fixes `Issue 48010 <https://github.com/llvm/llvm-project/issues/48010>`_. ``sizeof`` operator. Fixes `Issue 48010 <https://github.com/llvm/llvm-project/issues/48010>`_.
- Fixed a false positive diagnostic about scoped enumerations being a C++11 - Fixed a false positive diagnostic about scoped enumerations being a C++11
extension in C mode. A scoped enumeration's enumerators cannot be named in C extension in C mode. A scoped enumeration's enumerators cannot be named in C
because there is no way to fully qualify the enumerator name, so this because there is no way to fully qualify the enumerator name, so this
"extension" was unintentional and useless. This fixes "extension" was unintentional and useless. This fixes
`Issue 42372 <https://github.com/llvm/llvm-project/issues/42372>`_. `Issue 42372 <https://github.com/llvm/llvm-project/issues/42372>`_.
- When forming a member expression, now consider any qualifiers written on an
anonymous structure or union as also applying to the field being referenced.
This fixes an issue where qualifiers were being ignored, allowing you to
assign to a ``const`` field. Note that qualifiers are ignored in C++ and for
Microsoft's extension of anonymous objects. This fixes
`Issues 48099 <https://github.com/llvm/llvm-project/issues/48099>`_.
tahonermannUnsubmitted
Not Done
ReplyInline Actions

Perhaps the first sentence should clarify that it applies only to C modes? Though the code changes don't appear to be specific to C.

I'm confused by "Note that qualifiers are ignored in C++ and for Microsoft's extension of anonymous objects". I find it very surprising that cv-qualifiers would be ignored in C++. Unless there is a relevant core issue?

tahonermann: Perhaps the first sentence should clarify that it applies only to C modes? Though the code…
aaron.ballmanAuthorUnsubmitted
Done
ReplyInline Actions

I can definitely clarify if we decide to go this route.

The C++ behavior is intentional (https://github.com/llvm/llvm-project/blob/main/clang/lib/Sema/SemaDecl.cpp#L5352) but perhaps emergent as the C++ standard is silent on qualifiers on the anonymous union object, but all C++ implementations agree to ignore the qualifiers: https://godbolt.org/z/7Wd8Kn5Mf.

aaron.ballman: I can definitely clarify if we decide to go this route. The C++ behavior is intentional (https…
Improvements to Clang's diagnostics Improvements to Clang's diagnostics
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- ``-Wliteral-range`` will warn on floating-point equality comparisons with - ``-Wliteral-range`` will warn on floating-point equality comparisons with
constants that are not representable in a casted value. For example, constants that are not representable in a casted value. For example,
``(float) f == 0.1`` is always false. ``(float) f == 0.1`` is always false.
- ``-Winline-namespace-reopened-noninline`` now takes into account that the - ``-Winline-namespace-reopened-noninline`` now takes into account that the
``inline`` keyword must appear on the original but not necessarily all ``inline`` keyword must appear on the original but not necessarily all
▲ Show 20 LinesShow All 308 LinesShow Last 20 Lines

clang/include/clang/Basic/DiagnosticSemaKinds.td

Show First 20 LinesShow All 991 Lines▼ Show 20 Lines
"%select{" "%select{"
"cannot assign to return value because function %1 returns a const value|" "cannot assign to return value because function %1 returns a const value|"
"cannot assign to variable %1 with const-qualified type %2|" "cannot assign to variable %1 with const-qualified type %2|"
"cannot assign to %select{non-|}1static data member %2 " "cannot assign to %select{non-|}1static data member %2 "
"with const-qualified type %3|" "with const-qualified type %3|"
"cannot assign to non-static data member within const member function %1|" "cannot assign to non-static data member within const member function %1|"
"cannot assign to %select{variable %2|non-static data member %2|lvalue}1 " "cannot assign to %select{variable %2|non-static data member %2|lvalue}1 "
"with %select{|nested }3const-qualified data member %4|" "with %select{|nested }3const-qualified data member %4|"
"|" // Unused for anonymous objects
"read-only variable is not assignable}0">; "read-only variable is not assignable}0">;
def note_typecheck_assign_const : Note< def note_typecheck_assign_const : Note<
"%select{" "%select{"
"function %1 which returns const-qualified type %2 declared here|" "function %1 which returns const-qualified type %2 declared here|"
"variable %1 declared const here|" "variable %1 declared const here|"
"%select{non-|}1static data member %2 declared const here|" "%select{non-|}1static data member %2 declared const here|"
"member function %q1 is declared const here|" "member function %q1 is declared const here|"
"%select{|nested }1data member %2 declared const here}0">; "%select{|nested }1data member %2 declared const here|"
"anonymous %select{union|struct}1 declared const here}0">;
def warn_unsigned_always_true_comparison : Warning< def warn_unsigned_always_true_comparison : Warning<
"result of comparison of %select{%3|unsigned expression}0 %2 " "result of comparison of %select{%3|unsigned expression}0 %2 "
"%select{unsigned expression|%3}0 is always %4">, "%select{unsigned expression|%3}0 is always %4">,
InGroup<TautologicalUnsignedZeroCompare>, DefaultIgnore; InGroup<TautologicalUnsignedZeroCompare>, DefaultIgnore;
def warn_unsigned_char_always_true_comparison : Warning< def warn_unsigned_char_always_true_comparison : Warning<
"result of comparison of %select{%3|char expression}0 %2 " "result of comparison of %select{%3|char expression}0 %2 "
"%select{char expression|%3}0 is always %4, since char is interpreted as " "%select{char expression|%3}0 is always %4, since char is interpreted as "
▲ Show 20 LinesShow All 991 LinesShow Last 20 Lines

clang/lib/Sema/SemaDecl.cpp

Show First 20 LinesShow All 991 Lines▼ Show 20 Lines
TypeSourceInfo *TInfo = GetTypeForDeclarator(Dc, S); TypeSourceInfo *TInfo = GetTypeForDeclarator(Dc, S);
assert(TInfo && "couldn't build declarator info for anonymous struct/union"); assert(TInfo && "couldn't build declarator info for anonymous struct/union");
// Create a declaration for this anonymous struct/union. // Create a declaration for this anonymous struct/union.
NamedDecl *Anon = nullptr; NamedDecl *Anon = nullptr;
if (RecordDecl *OwningClass = dyn_cast<RecordDecl>(Owner)) { if (RecordDecl *OwningClass = dyn_cast<RecordDecl>(Owner)) {
Anon = FieldDecl::Create( Anon = FieldDecl::Create(
Context, OwningClass, DS.getBeginLoc(), Record->getLocation(), Context, OwningClass, DS.getBeginLoc(), Record->getLocation(),
/*IdentifierInfo=*/nullptr, Context.getTypeDeclType(Record), TInfo, /*IdentifierInfo=*/nullptr,
Context.getTypeDeclType(Record).withFastQualifiers(
DS.getTypeQualifiers()),
TInfo,
/*BitWidth=*/nullptr, /*Mutable=*/false, /*BitWidth=*/nullptr, /*Mutable=*/false,
/*InitStyle=*/ICIS_NoInit); /*InitStyle=*/ICIS_NoInit);
Anon->setAccess(AS); Anon->setAccess(AS);
ProcessDeclAttributes(S, Anon, Dc); ProcessDeclAttributes(S, Anon, Dc);
if (getLangOpts().CPlusPlus) if (getLangOpts().CPlusPlus)
FieldCollector->Add(cast<FieldDecl>(Anon)); FieldCollector->Add(cast<FieldDecl>(Anon));
} else { } else {
DeclSpec::SCS SCSpec = DS.getStorageClassSpec(); DeclSpec::SCS SCSpec = DS.getStorageClassSpec();
StorageClass SC = StorageClassSpecToVarDeclStorageClass(DS); StorageClass SC = StorageClassSpecToVarDeclStorageClass(DS);
if (SCSpec == DeclSpec::SCS_mutable) { if (SCSpec == DeclSpec::SCS_mutable) {
// mutable can only appear on non-static class members, so it's always // mutable can only appear on non-static class members, so it's always
// an error here // an error here
Diag(Record->getLocation(), diag::err_mutable_nonmember); Diag(Record->getLocation(), diag::err_mutable_nonmember);
Invalid = true; Invalid = true;
SC = SC_None; SC = SC_None;
} }
assert(DS.getAttributes().empty() && "No attribute expected"); assert(DS.getAttributes().empty() && "No attribute expected");
Anon = VarDecl::Create(Context, Owner, DS.getBeginLoc(), Anon = VarDecl::Create(Context, Owner, DS.getBeginLoc(),
Record->getLocation(), /*IdentifierInfo=*/nullptr, Record->getLocation(), /*IdentifierInfo=*/nullptr,
Context.getTypeDeclType(Record), TInfo, SC); Context.getTypeDeclType(Record).withFastQualifiers(
DS.getTypeQualifiers()),
TInfo, SC);
// Default-initialize the implicit variable. This initialization will be // Default-initialize the implicit variable. This initialization will be
// trivial in almost all cases, except if a union member has an in-class // trivial in almost all cases, except if a union member has an in-class
// initializer: // initializer:
// union { int n = 0; }; // union { int n = 0; };
ActOnUninitializedDecl(Anon); ActOnUninitializedDecl(Anon);
} }
Anon->setImplicit(); Anon->setImplicit();
▲ Show 20 LinesShow All 991 LinesShow Last 20 Lines

clang/lib/Sema/SemaExpr.cpp

Show First 20 LinesShow All 991 Lines▼ Show 20 Lines
// Update err_typecheck_assign_const and note_typecheck_assign_const // Update err_typecheck_assign_const and note_typecheck_assign_const
// when this enum is changed. // when this enum is changed.
enum { enum {
ConstFunction, ConstFunction,
ConstVariable, ConstVariable,
ConstMember, ConstMember,
ConstMethod, ConstMethod,
NestedConstMember, NestedConstMember,
ConstAnonymousObject, // Only used as a note
ConstUnknown, // Keep as last element ConstUnknown, // Keep as last element
}; };
/// Emit the "read-only variable not assignable" error and print notes to give /// Emit the "read-only variable not assignable" error and print notes to give
/// more information about why the variable is not assignable, such as pointing /// more information about why the variable is not assignable, such as pointing
/// to the declaration of a const variable, showing that a method is const, or /// to the declaration of a const variable, showing that a method is const, or
/// that the function is returning a const reference. /// that the function is returning a const reference.
static void DiagnoseConstAssignment(Sema &S, const Expr *E, static void DiagnoseConstAssignment(Sema &S, const Expr *E,
SourceLocation Loc) { SourceLocation Loc) {
SourceRange ExprRange = E->getSourceRange(); SourceRange ExprRange = E->getSourceRange();
// Only emit one error on the first const found. All other consts will emit // Only emit one error on the first const found. All other consts will emit
// a note to the error. // a note to the error.
bool DiagnosticEmitted = false; bool DiagnosticEmitted = false;
// Track if the current expression is the result of a dereference, and if the // Track if the current expression is the result of a dereference, and if the
// next checked expression is the result of a dereference. // next checked expression is the result of a dereference.
bool IsDereference = false; bool IsDereference = false;
bool NextIsDereference = false; bool NextIsDereference = false;
// Used when diagnosing indirect fields that are const because the anonymous
// object is const rather than the field. This allows us to diagnose the
// field rather than the anonymous object.
const FieldDecl *LastNamedField = nullptr;
// Loop to process MemberExpr chains. // Loop to process MemberExpr chains.
while (true) { while (true) {
IsDereference = NextIsDereference; IsDereference = NextIsDereference;
E = E->IgnoreImplicit()->IgnoreParenImpCasts(); E = E->IgnoreImplicit()->IgnoreParenImpCasts();
if (const MemberExpr *ME = dyn_cast<MemberExpr>(E)) { if (const MemberExpr *ME = dyn_cast<MemberExpr>(E)) {
NextIsDereference = ME->isArrow(); NextIsDereference = ME->isArrow();
const ValueDecl *VD = ME->getMemberDecl(); const ValueDecl *VD = ME->getMemberDecl();
if (const FieldDecl *Field = dyn_cast<FieldDecl>(VD)) { if (const FieldDecl *Field = dyn_cast<FieldDecl>(VD)) {
// Mutable fields can be modified even if the class is const. // Mutable fields can be modified even if the class is const.
if (Field->isMutable()) { if (Field->isMutable()) {
assert(DiagnosticEmitted && "Expected diagnostic not emitted."); assert(DiagnosticEmitted && "Expected diagnostic not emitted.");
break; break;
} }
if (!IsTypeModifiable(Field->getType(), IsDereference)) { if (!IsTypeModifiable(Field->getType(), IsDereference)) {
if (!DiagnosticEmitted) { if (!DiagnosticEmitted) {
S.Diag(Loc, diag::err_typecheck_assign_const) // If the field is an anonymous union or structure, we want to
<< ExprRange << ConstMember << false /*static*/ << Field // diagnose the last named field rather than the unnamed object.
<< Field->getType(); // This requires us to combine the qualifiers from the anonymous
// object with those of the field in order for the diagnostic to
// make sense.
if (Field->isAnonymousStructOrUnion()) {
assert(LastNamedField &&
"we should have seen a named field by this point");
S.Diag(Loc, diag::err_typecheck_assign_const)
<< ExprRange << ConstMember
<< false /*static*/ << LastNamedField
<< LastNamedField->getType().withFastQualifiers(
Field->getType().getLocalFastQualifiers());
} else {
S.Diag(Loc, diag::err_typecheck_assign_const)
<< ExprRange << ConstMember << false /*static*/ << Field
<< Field->getType();
}
DiagnosticEmitted = true; DiagnosticEmitted = true;
} }
S.Diag(VD->getLocation(), diag::note_typecheck_assign_const) // If the field is an anonymous union or structure, we want the note
<< ConstMember << false /*static*/ << Field << Field->getType() // to be about the anonymous object being const rather than the
<< Field->getSourceRange(); // indirect field.
if (Field->isAnonymousStructOrUnion()) {
S.Diag(VD->getLocation(), diag::note_typecheck_assign_const)
<< ConstAnonymousObject
<< Field->getType()
->castAs<RecordType>()
->getDecl()
->isStruct();
} else {
S.Diag(VD->getLocation(), diag::note_typecheck_assign_const)
<< ConstMember << false /*static*/ << Field << Field->getType()
<< Field->getSourceRange();
}
} }
E = ME->getBase(); E = ME->getBase();
LastNamedField = Field;
continue; continue;
} else if (const VarDecl *VDecl = dyn_cast<VarDecl>(VD)) { } else if (const VarDecl *VDecl = dyn_cast<VarDecl>(VD)) {
if (VDecl->getType().isConstQualified()) { if (VDecl->getType().isConstQualified()) {
if (!DiagnosticEmitted) { if (!DiagnosticEmitted) {
S.Diag(Loc, diag::err_typecheck_assign_const) S.Diag(Loc, diag::err_typecheck_assign_const)
<< ExprRange << ConstMember << true /*static*/ << VDecl << ExprRange << ConstMember << true /*static*/ << VDecl
<< VDecl->getType(); << VDecl->getType();
DiagnosticEmitted = true; DiagnosticEmitted = true;
▲ Show 20 LinesShow All 991 LinesShow Last 20 Lines

clang/test/Sema/anonymous-struct-union.c

Show First 20 LinesShow All 113 Lines▼ Show 20 Lines
struct s3 { struct s3 {
struct { int A __attribute__((deprecated)); }; // expected-note {{'A' has been explicitly marked deprecated here}} struct { int A __attribute__((deprecated)); }; // expected-note {{'A' has been explicitly marked deprecated here}}
}; };
void deprecated_anonymous_struct_member(void) { void deprecated_anonymous_struct_member(void) {
struct s3 s; struct s3 s;
s.A = 1; // expected-warning {{'A' is deprecated}} s.A = 1; // expected-warning {{'A' is deprecated}}
} }
struct GH48099 {
const struct { // expected-note {{anonymous struct declared const here}}
int i;
};
volatile union {
int j;
};
};
// Ensure that qualifiers from the anonymous object are reflected on the
// fields being hoisted into the outer context.
void GH48099_test(void) {
struct GH48099 x;
// It's the access path that picks up the qualifiers, not the direct
// declaration of the field itself. So 'i' and 'j' are both 'int'.
_Static_assert(_Generic(x.i, int : 1, default : 0), "i is not int?");
_Static_assert(_Generic(x.j, int : 1, default : 0), "j is not int?");
tahonermannUnsubmitted
Not Done
ReplyInline Actions

Top-level cv-qualifiers are ignored in generic selection expressions, so I'm not sure what these assertions are intended to ensure.

tahonermann: Top-level cv-qualifiers are ignored in generic selection expressions, so I'm not sure what…
aaron.ballmanAuthorUnsubmitted
Done
ReplyInline Actions

I think this is the second time I've been caught by that. I keep expecting that the "no two associations can use compatible types" to make that situation an error.

I almost wonder if we should give a warning in cases where an association type is qualified (or is an array/function type rather than a decayed pointer)?

aaron.ballman: I think this is the second time I've been caught by that. I keep expecting that the "no two…
tahonermannUnsubmitted
Not Done
ReplyInline Actions

I was surprised when I first learned of this behavior too; it hobbles the utility of generic selection expressions in some cases.

A warning like you suggest does seem appropriate. I'm not aware of any way in which a cv-qualified or non-decayed association type can be used in any useful manner (other than to show that a compiler is not behaving properly). If there is such a use, I would be interested in knowing what it is!

tahonermann: I was surprised when I first learned of this behavior too; it hobbles the utility of generic…
// Test that the member access picks up the qualifiers.
x.i = 12; // expected-error {{cannot assign to non-static data member 'i' with const-qualified type 'const int'}}
}

clang/test/Sema/anonymous-struct-union.cpp

  • This file was added.
// RUN: %clang_cc1 -fsyntax-only -verify %s
// RUN: %clang_cc1 -fsyntax-only -verify -fms-extensions -Wno-microsoft-anon-tag -x c %s
// expected-no-diagnostics
struct trivial {
int a;
};
struct GH48099 {
const struct {
int i;
};
#ifndef __cplusplus
// This extension is only allowed in C.
const struct trivial;
#endif
};
// In C++, qualifiers are ignored on the anonymous objects.
void GH48099_test(void) {
struct GH48099 x;
#ifdef __cplusplus
// Test that the member access ignores the qualifiers. This would fail in C.
x.i = 12; // ok
#else
// Test that the member access ignores the qualifiers for a Microsoft C
// anonymous structure declaration. This would fail in C++ because the
// declaration in GH48099 does not declare anything (so 'a' isn't lifted into
// the outer structure).
x.a = 12; // ok
#endif
}