This is an archive of the discontinued LLVM Phabricator instance.

Paths

Table of Contentst

-
clang/
-
include/clang/AST/
-
clang/
-
AST/
1
Expr.h
-
lib/
-
AST/
-
Expr.cpp
-
CodeGen/
-
CGExpr.cpp
-
Sema/
-
SemaChecking.cpp
-
test/CodeGen/
-
CodeGen/
1
bounds-checking.c

Differential D128643

[clang] -fsanitize=array-bounds: treat all trailing size-1 arrays as flexible
AbandonedPublic

Authored by sberg on Jun 27 2022, 7:06 AM.

Download Raw Diff

Details

Reviewers

serge-sans-paille

Summary

...even if the size resulted from a macro expansion. This reverts back to the behavior prior to
https://github.com/llvm/llvm-project/commit/886715af962de2c92fac4bd37104450345711e4a "[clang] Introduce -fstrict-flex-arrays=<n> for stricter handling of flexible arrays". The new behavior caused false out-of-bounds-index reports from e.g. HarfBuzz built with -fsanitize=array-bounds: HarfBuzz has various "fake" flexible array members of the form

Type                arrayZ[HB_VAR_ARRAY];

in https://github.com/harfbuzz/harfbuzz/blob/main/src/hb-open-type.hh, where HB_VAR_ARRAY is defined as

#ifndef HB_VAR_ARRAY
#define HB_VAR_ARRAY 1
#endif

in https://github.com/harfbuzz/harfbuzz/blob/main/src/hb-machinery.hh.

Also added a test.

Diff Detail

Unit TestsFailed

	Time	Test
	1,300 ms	x64 debian > libFuzzer.libFuzzer::fuzzer-finalstats.test

Event Timeline

sberg created this revision.Jun 27 2022, 7:06 AM

Herald added a project: Restricted Project. · View Herald TranscriptJun 27 2022, 7:06 AM

sberg requested review of this revision.Jun 27 2022, 7:06 AM

Harbormaster completed remote builds in B172185: Diff 440206.Jun 27 2022, 7:49 AM

serge-sans-paille added inline comments.Jun 27 2022, 8:04 AM

clang/include/clang/AST/Expr.h
455	Maybe default to `false` here?
clang/test/CodeGen/bounds-checking.c
69	The above checks look for `CHECK-NOT: call {{.*}} @llvm.{{(ubsan)?trap}}`

I'm abandoning this as the underlying https://reviews.llvm.org/D126864 "[clang] Introduce -fstrict-flex-arrays=<n> for stricter handling of flexible arrays" has been reverted for now.

I documented all my issues with that underlying commit (including, but not limited to what was presented here) in my comment at https://reviews.llvm.org/D126864#3614235.

Revision Contents

Path

Size

clang/

include/

clang/

AST/

Expr.h

3 lines

lib/

AST/

Expr.cpp

7 lines

CodeGen/

CGExpr.cpp

2 lines

Sema/

SemaChecking.cpp

4 lines

test/

CodeGen/

bounds-checking.c

11 lines

Diff 440206

clang/include/clang/AST/Expr.h

Show First 20 Lines • Show All 445 Lines • ▼ Show 20 Lines	public:
/// True when this expression refers to a flexible array member in a		/// True when this expression refers to a flexible array member in a
/// struct. \c StrictFlexArraysLevel controls which array bounds are		/// struct. \c StrictFlexArraysLevel controls which array bounds are
/// acceptable for such arrays:		/// acceptable for such arrays:
///		///
/// - 0 => any array bound,		/// - 0 => any array bound,
/// - 1 => [0], [1], [ ]		/// - 1 => [0], [1], [ ]
/// - 2 => [0], [ ]		/// - 2 => [0], [ ]
/// - 3 => [ ]		/// - 3 => [ ]
bool isFlexibleArrayMember(ASTContext &Ctx, int StrictFlexArraysLevel) const;		bool isFlexibleArrayMember(ASTContext &Ctx, int StrictFlexArraysLevel,
		bool IgnoreSizeFromMacro) const;
		serge-sans-pailleUnsubmitted Not Done Reply Inline Actions Maybe default to `false` here? serge-sans-paille: Maybe default to `false` here?

/// setValueKind - Set the value kind produced by this expression.		/// setValueKind - Set the value kind produced by this expression.
void setValueKind(ExprValueKind Cat) { ExprBits.ValueKind = Cat; }		void setValueKind(ExprValueKind Cat) { ExprBits.ValueKind = Cat; }

/// setObjectKind - Set the object kind produced by this expression.		/// setObjectKind - Set the object kind produced by this expression.
void setObjectKind(ExprObjectKind Cat) { ExprBits.ObjectKind = Cat; }		void setObjectKind(ExprObjectKind Cat) { ExprBits.ObjectKind = Cat; }

private:		private:
▲ Show 20 Lines • Show All 6,015 Lines • Show Last 20 Lines

clang/lib/AST/Expr.cpp

Show First 20 Lines • Show All 197 Lines • ▼ Show 20 Lines	if (const FieldDecl *FD = E->getSourceBitField())
if (!Semantic && FD->getType()->isUnsignedIntegerType() &&		if (!Semantic && FD->getType()->isUnsignedIntegerType() &&
!FD->getBitWidth()->isValueDependent() &&		!FD->getBitWidth()->isValueDependent() &&
FD->getBitWidthValue(FD->getASTContext()) == 1)		FD->getBitWidthValue(FD->getASTContext()) == 1)
return true;		return true;

return false;		return false;
}		}

bool Expr::isFlexibleArrayMember(ASTContext &Ctx,		bool Expr::isFlexibleArrayMember(ASTContext &Ctx, int StrictFlexArraysLevel,
int StrictFlexArraysLevel) const {		bool IgnoreSizeFromMacro) const {
const NamedDecl *ND = nullptr;		const NamedDecl *ND = nullptr;
if (const DeclRefExpr *DRE = dyn_cast<DeclRefExpr>(this))		if (const DeclRefExpr *DRE = dyn_cast<DeclRefExpr>(this))
ND = DRE->getDecl();		ND = DRE->getDecl();
if (const MemberExpr *ME = dyn_cast<MemberExpr>(this))		if (const MemberExpr *ME = dyn_cast<MemberExpr>(this))
ND = ME->getMemberDecl();		ND = ME->getMemberDecl();
if (const ObjCIvarRefExpr *RE = dyn_cast<ObjCIvarRefExpr>(this))		if (const ObjCIvarRefExpr *RE = dyn_cast<ObjCIvarRefExpr>(this))
ND = RE->getDecl();		ND = RE->getDecl();
if (!ND)		if (!ND)
Show All 39 Lines	while (TInfo) {
// Look through typedefs.		// Look through typedefs.
if (TypedefTypeLoc TTL = TL.getAs<TypedefTypeLoc>()) {		if (TypedefTypeLoc TTL = TL.getAs<TypedefTypeLoc>()) {
const TypedefNameDecl *TDL = TTL.getTypedefNameDecl();		const TypedefNameDecl *TDL = TTL.getTypedefNameDecl();
TInfo = TDL->getTypeSourceInfo();		TInfo = TDL->getTypeSourceInfo();
continue;		continue;
}		}
if (ConstantArrayTypeLoc CTL = TL.getAs<ConstantArrayTypeLoc>()) {		if (ConstantArrayTypeLoc CTL = TL.getAs<ConstantArrayTypeLoc>()) {
const Expr *SizeExpr = dyn_cast<IntegerLiteral>(CTL.getSizeExpr());		const Expr *SizeExpr = dyn_cast<IntegerLiteral>(CTL.getSizeExpr());
if (!SizeExpr \|\| SizeExpr->getExprLoc().isMacroID())		if (!SizeExpr \|\|
		(IgnoreSizeFromMacro && SizeExpr->getExprLoc().isMacroID()))
return false;		return false;
}		}
break;		break;
}		}

const ObjCInterfaceDecl *ID =		const ObjCInterfaceDecl *ID =
dyn_cast<ObjCInterfaceDecl>(FD->getDeclContext());		dyn_cast<ObjCInterfaceDecl>(FD->getDeclContext());
const RecordDecl *RD = dyn_cast<RecordDecl>(FD->getDeclContext());		const RecordDecl *RD = dyn_cast<RecordDecl>(FD->getDeclContext());
▲ Show 20 Lines • Show All 4,846 Lines • Show Last 20 Lines

clang/lib/CodeGen/CGExpr.cpp

Show First 20 Lines • Show All 926 Lines • ▼ Show 20 Lines	if (const VectorType *VT = Base->getType()->getAs<VectorType>()) {
return CGF.Builder.getInt32(VT->getNumElements());		return CGF.Builder.getInt32(VT->getNumElements());
}		}

Base = Base->IgnoreParens();		Base = Base->IgnoreParens();

if (const auto *CE = dyn_cast<CastExpr>(Base)) {		if (const auto *CE = dyn_cast<CastExpr>(Base)) {
if (CE->getCastKind() == CK_ArrayToPointerDecay &&		if (CE->getCastKind() == CK_ArrayToPointerDecay &&
!CE->getSubExpr()->IgnoreParens()->isFlexibleArrayMember(		!CE->getSubExpr()->IgnoreParens()->isFlexibleArrayMember(
Context, std::max(StrictFlexArraysLevel, 1))) {		Context, std::max(StrictFlexArraysLevel, 1), false)) {
IndexedType = CE->getSubExpr()->getType();		IndexedType = CE->getSubExpr()->getType();
const ArrayType *AT = IndexedType->castAsArrayTypeUnsafe();		const ArrayType *AT = IndexedType->castAsArrayTypeUnsafe();
if (const auto *CAT = dyn_cast<ConstantArrayType>(AT))		if (const auto *CAT = dyn_cast<ConstantArrayType>(AT))
return CGF.Builder.getInt(CAT->getSize());		return CGF.Builder.getInt(CAT->getSize());
else if (const auto *VAT = dyn_cast<VariableArrayType>(AT))		else if (const auto *VAT = dyn_cast<VariableArrayType>(AT))
return CGF.getVLASize(VAT).NumElts;		return CGF.getVLASize(VAT).NumElts;
// Ignore pass_object_size here. It's not applicable on decayed pointers.		// Ignore pass_object_size here. It's not applicable on decayed pointers.
}		}
▲ Show 20 Lines • Show All 4,662 Lines • Show Last 20 Lines

clang/lib/Sema/SemaChecking.cpp

This file is larger than 256 KB, so syntax highlighting is disabled by default.

Show First 20 Lines • Show All 15,863 Lines • ▼ Show 20 Lines	if (index.isUnsigned() \|\| !index.isNegative()) {
// For array subscripting the index must be less than size, but for pointer		// For array subscripting the index must be less than size, but for pointer
// arithmetic also allow the index (offset) to be equal to size since		// arithmetic also allow the index (offset) to be equal to size since
// computing the next address after the end of the array is legal and		// computing the next address after the end of the array is legal and
// commonly done e.g. in C++ iterators and range-based for loops.		// commonly done e.g. in C++ iterators and range-based for loops.
if (AllowOnePastEnd ? index.ule(size) : index.ult(size))		if (AllowOnePastEnd ? index.ule(size) : index.ult(size))
return;		return;

// Also don't warn for flexible array members.		// Also don't warn for flexible array members.
if (BaseExpr->isFlexibleArrayMember(Context,		if (BaseExpr->isFlexibleArrayMember(Context, getLangOpts().StrictFlexArrays,
getLangOpts().StrictFlexArrays))		true))
return;		return;

// Suppress the warning if the subscript expression (as identified by the		// Suppress the warning if the subscript expression (as identified by the
// ']' location) and the index expression are both from macro expansions		// ']' location) and the index expression are both from macro expansions
// within a system header.		// within a system header.
if (ASE) {		if (ASE) {
SourceLocation RBracketLoc = SourceMgr.getSpellingLoc(		SourceLocation RBracketLoc = SourceMgr.getSpellingLoc(
ASE->getRBracketLoc());		ASE->getRBracketLoc());
▲ Show 20 Lines • Show All 1,823 Lines • Show Last 20 Lines

clang/test/CodeGen/bounds-checking.c

	Show First 20 Lines • Show All 52 Lines • ▼ Show 20 Lines
	__attribute__((no_sanitize("bounds")))			__attribute__((no_sanitize("bounds")))
	int f6(int i) {			int f6(int i) {
	int b[64];			int b[64];
	// CHECK-NOT: call void @llvm.trap()			// CHECK-NOT: call void @llvm.trap()
	// CHECK-NOT: trap:			// CHECK-NOT: trap:
	// CHECK-NOT: cont:			// CHECK-NOT: cont:
	return b[i];			return b[i];
	}			}

				#define FLEXIBLE 1
				struct Macro {
				int a[FLEXIBLE];
				};

				// CHECK-LABEL: define {{.*}} @f7
				int f7(struct Macro *m, int i) {
				// CHECK-NOT: call {{.*}} @llvm.ubsantrap
				serge-sans-pailleUnsubmitted Not Done Reply Inline Actions The above checks look for `CHECK-NOT: call {{.}} @llvm.{{(ubsan)?trap}}` serge-sans-paille:* The above checks look for `CHECK-NOT: call {{.*}} @llvm.{{(ubsan)?trap}}`
				return m->a[i];
				}