This is an archive of the discontinued LLVM Phabricator instance.

Differential D133202

[Clang] Avoid __builtin_assume_aligned crash when the 1st arg is array type
ClosedPublic

Authored by yronglin on Sep 2 2022, 6:22 AM.

Details

Reviewers
rjmccall
aaron.ballman
vitalybuka
Commits
rG6ed21fc51523: Avoid __builtin_assume_aligned crash when the 1st arg is array type
rG3ad2fe913ae0: [Clang][CodeGen] Avoid __builtin_assume_aligned crash when the 1st arg is array…
Summary

Avoid __builtin_assume_aligned crash when the 1st arg is array type(or string literal).

Open issue: https://github.com/llvm/llvm-project/issues/57169

Diff Detail

Event Timeline

yronglin created this revision.Sep 2 2022, 6:22 AM
Herald added a project: Restricted Project. · View Herald TranscriptSep 2 2022, 6:22 AM
yronglin requested review of this revision.Sep 2 2022, 6:22 AM
Herald added a project: Restricted Project. · View Herald TranscriptSep 2 2022, 6:22 AM
Herald added a subscriber: cfe-commits. · View Herald Transcript
yronglin added a comment.Sep 2 2022, 6:26 AM
This comment was removed by yronglin.
yronglin updated this revision to Diff 457580.Sep 2 2022, 6:37 AM

Format code

Harbormaster completed remote builds in B184812: Diff 457580.Sep 2 2022, 7:05 AM
yronglin retitled this revision from [Clang][CodeGen] Fix __builtin_assume_aligned crash to [Clang][CodeGen] Avoid __builtin_assume_aligned crash when the 1st arg is array type.Sep 2 2022, 8:15 AM
yronglin edited the summary of this revision. (Show Details)
rjmccall added a comment.Sep 2 2022, 10:20 AM

Other than the one thing, this looks good.

clang/lib/Sema/SemaChecking.cpp
7663

This should be:

Expr *SecondArg = TheCall->getArg(1);
if (convertArgumentToType(*this, SecondArg, Context.getSizeType()))
  return true;
TheCall->setArg(1, SecondArg);

if (!SecondArg->isValueDependent()) {
  llvm::APSInt Result;
  ....
}

Test case is to pass a floating-point expression or something like that.

yronglin updated this revision to Diff 457643.Sep 2 2022, 11:03 AM

Update patch with john's comments

clang/lib/Sema/SemaChecking.cpp
7663

+1

rjmccall accepted this revision.Sep 2 2022, 11:04 AM

Thanks, LGTM

This revision is now accepted and ready to land.Sep 2 2022, 11:04 AM
yronglin added a comment.Sep 2 2022, 11:08 AM
This comment was removed by yronglin.
Harbormaster completed remote builds in B184856: Diff 457643.Sep 2 2022, 11:55 AM
Closed by commit rG3ad2fe913ae0: [Clang][CodeGen] Avoid __builtin_assume_aligned crash when the 1st arg is array… (authored by yronglin). · Explain WhySep 3 2022, 8:26 AM
This revision was automatically updated to reflect the committed changes.
yronglin added a commit: rG3ad2fe913ae0: [Clang][CodeGen] Avoid __builtin_assume_aligned crash when the 1st arg is array….
vitalybuka added a subscriber: vitalybuka.Sep 3 2022, 12:05 PM

Broken by the patch https://lab.llvm.org/buildbot/#/builders/127/builds/35304

vitalybuka reopened this revision.Sep 3 2022, 1:13 PM
This revision is now accepted and ready to land.Sep 3 2022, 1:13 PM
vitalybuka added a reverting change: rG9905dae5e18c: Revert "[Clang][CodeGen] Avoid __builtin_assume_aligned crash when the 1st arg….Sep 3 2022, 1:13 PM
yronglin added a comment.Sep 5 2022, 7:25 AM
In D133202#3768770, @vitalybuka wrote:

Broken by the patch https://lab.llvm.org/buildbot/#/builders/127/builds/35304

Thanks @vitalybuka , seems intrin0.inl.h have a forward declaration __MACHINE(void * __cdecl __builtin_assume_aligned(const void *, size_t, ...) noexcept), should we use nc in BUILTIN(__builtin_assume_aligned, "v*vC*z.", "nct") but not nct ?

yronglin updated this revision to Diff 458019.Sep 5 2022, 8:45 AM
yronglin added a project: Restricted Project.

Fix windows build bolt broken https://lab.llvm.org/buildbot/#/builders/127/builds/35304

Harbormaster completed remote builds in B185114: Diff 458019.Sep 5 2022, 9:19 AM
yronglin requested review of this revision.Sep 6 2022, 6:29 AM
yronglin added a reviewer: aaron.ballman.Sep 6 2022, 7:35 AM
yronglin added a reviewer: vitalybuka.Sep 6 2022, 9:44 AM
aaron.ballman accepted this revision.Sep 6 2022, 1:07 PM

LGTM, but can you add a release note to clang/docs/ReleaseNotes.rst for the fix? Also, do you need someone to commit this on your behalf? If so, what name and email address would you like used for patch attribution?

This revision is now accepted and ready to land.Sep 6 2022, 1:07 PM
yronglin updated this revision to Diff 458315.Sep 6 2022, 4:42 PM

Update ReleaseNotes

yronglin added a comment.Sep 6 2022, 4:46 PM

Thanks for your review @aaron.ballman , I've updated ReleaseNotes. I don’t have commit access, can you land this patch for me?Please use 'yronglin <yronglin777@gmail.com>' to commit the change.

Harbormaster completed remote builds in B185318: Diff 458315.Sep 6 2022, 5:49 PM
yronglin updated this revision to Diff 458403.Sep 7 2022, 3:01 AM
yronglin retitled this revision from [Clang][CodeGen] Avoid __builtin_assume_aligned crash when the 1st arg is array type to [Clang] Avoid __builtin_assume_aligned crash when the 1st arg is array type.
Harbormaster completed remote builds in B185378: Diff 458403.Sep 7 2022, 3:59 AM
yronglin added a comment.Sep 7 2022, 9:13 AM

ping~

This revision was landed with ongoing or failed builds.Sep 7 2022, 9:47 AM
Closed by commit rG6ed21fc51523: Avoid __builtin_assume_aligned crash when the 1st arg is array type (authored by yronglin, committed by aaron.ballman). · Explain Why
This revision was automatically updated to reflect the committed changes.
aaron.ballman added a commit: rG6ed21fc51523: Avoid __builtin_assume_aligned crash when the 1st arg is array type.
aaron.ballman added a comment.Sep 7 2022, 9:48 AM

I've pushed the changes up for you, thanks!

In D133202#3774801, @yronglin wrote:

ping~

Something to keep in mind for the future: we typically only "ping" a review after about a week of no activity on it (just because folks end up being busy, taking vacation, want to contemplate the review for a while, etc).

yronglin added a comment.Sep 7 2022, 9:53 AM
In D133202#3774905, @aaron.ballman wrote:

I've pushed the changes up for you, thanks!

In D133202#3774801, @yronglin wrote:

ping~

Something to keep in mind for the future: we typically only "ping" a review after about a week of no activity on it (just because folks end up being busy, taking vacation, want to contemplate the review for a while, etc).

Thanks a lot Aaron, I will remember what you said.

rsmith added a subscriber: rsmith.Sep 7 2022, 5:41 PM
rsmith added inline comments.
clang/lib/Sema/SemaChecking.cpp
7651–7652

This looks very suspicious to me: this will remove a cast expression that was written in the source code from the AST. That loses source fidelity, can give the wrong answer if the cast changed the value (such as a C++ derived-to-base conversion to a non-primary base class), and in any case this is only done once where there could be multiple explicit casts written on an argument to the builtin, so if it's necessary, then it's not being done fully.

Can this be removed?

rjmccall added inline comments.Sep 7 2022, 6:32 PM
clang/lib/Sema/SemaChecking.cpp
7651–7652

Somehow I missed this in my review. Yes, this line should be unnecessary, and as you say, it is definitely wrong.

yronglin added a comment.EditedSep 8 2022, 6:15 AM

Thanks a lot for your comments @rsmith @rjmccall .

Firstly, as far as I know, turning on the -fsanitizer=alignment options and calling __builtin_assume_aligned, Clang will emit call void @__ubsan_handle_alignment_assumption(...) in CodeGen, and CodeGen need user-written-type for 1st arg to generate correct TypeDescriptor (this class in compiler-rt/UBSan).

Secondly, before this patch, clang::CodeGen::CodeGenFunction::emitAlignmentAssumption use CastExpr->getSubExprAsWritten to get user-written-type in CodeGen. In Diff 457643 , we use custom sema checking.and just do DefaultFunctionArrayLvalueConversion on 1st arg, but not implicit cast 1st arg to const void *(We expect pass user-written-type to CodeGen).

Unfortunately, Diff 457643 broken windows sanitize test, because there have a forward declaration __MACHINE(void * __cdecl __builtin_assume_aligned(const void *, size_t, ...) noexcept)in intrin0.inl.h, I think the reason for this problem is we use nct in BUILTIN(__builtin_assume_aligned, "v*vC*z.", "nct"), I try to find a solution based on Diff 457643, what do you all think about?

yronglin added inline comments.Sep 8 2022, 7:06 AM
clang/lib/Sema/SemaChecking.cpp
7651–7652

CodeGen need real user-written-type to generate __ubsan_handle_alignment_assumption 's arg, but not const void *

yronglin added a comment.Sep 8 2022, 7:23 AM

Reproduce windows broken test:

ignore.cpp

#include <stddef.h>

void *__builtin_assume_aligned(const void *, size_t, ...) noexcept;
void foo() {
  int a;
  (void) __builtin_assume_aligned(&a, 4);
}
FunctionDecl 0x14a80e480 <./ignore.cpp:3:1, col:7> col:7 __builtin_assume_aligned 'void *(const void *, size_t, ...) noexcept'
|-ParmVarDecl 0x14a80df80 <col:32, col:43> col:44 'const void *'
`-ParmVarDecl 0x14a80e050 <col:46> col:52 'size_t':'unsigned long'
FunctionDecl 0x14a80e210 <./ignore.cpp:3:7> col:7 implicit __builtin_assume_aligned 'void *(const void *, unsigned long, ...) noexcept' extern
|-ParmVarDecl 0x14a80e308 <<invalid sloc>> <invalid sloc> 'const void *'
|-ParmVarDecl 0x14a80e370 <<invalid sloc>> <invalid sloc> 'unsigned long'
|-BuiltinAttr 0x14a80e2b0 <<invalid sloc>> Implicit 402
|-NoThrowAttr 0x14a80e3e8 <col:7> Implicit
`-ConstAttr 0x14a80e410 <col:7> Implicit
./ignore.cpp:3:7: error: cannot redeclare builtin function '__builtin_assume_aligned'
void *__builtin_assume_aligned(const void *, size_t, ...) noexcept;
      ^
./ignore.cpp:3:7: note: '__builtin_assume_aligned' is a builtin with type 'void *(const void *, unsigned long, ...) noexcept'
1 error generated.
yronglin added a comment.EditedSep 8 2022, 8:32 AM

Seems that a builtin can't be redeclared which has custom type checking
https://github.com/llvm/llvm-project/blob/ec8f2905a33ba970543c8edb4141c47f30d325f7/clang/lib/Basic/Builtins.cpp#L210-L214

bool Builtin::Context::canBeRedeclared(unsigned ID) const {
  return ID == Builtin::NotBuiltin || ID == Builtin::BI__va_start ||
         (!hasReferenceArgsOrResult(ID) && !hasCustomTypechecking(ID)) ||
         isInStdNamespace(ID);
}
rjmccall added a comment.Sep 8 2022, 10:53 AM

Please look into the history of that test case to see why we're specifically testing for the ability to redeclare this builtin.

We could certainly allow this builtin to be redeclared using the const void* type — that doesn't really reflect the generic nature of the builtin, but it would work for compatibility with other compilers in the vast preponderance of code — but if we don't really need to do it, let's not go down that road.

clang/lib/Sema/SemaChecking.cpp
7651–7652

Because we're using custom type-checking here, there is no conversion to const void * in the first place; that conversion was an artifact of the earlier implementation.

Also, if the previous code in CodeGen looked like this, then it was buggy: it is incorrect in the case that someone wrote (const void*) foo as the argument, because it would inappropriately look through the explicit, user-provided cast.

rsmith added inline comments.Sep 8 2022, 12:42 PM
clang/lib/Sema/SemaChecking.cpp
7651–7652

The old implementation could get the pointer value wrong, not only the alignment. For example:

struct A { virtual ~A(); };

void *f(A *a) {
  // Incorrectly returns `a` rather than the address of the complete object.
  return __builtin_assume_aligned(dynamic_cast<void*>(a), 8);
}

The new implementation gets the pointer value wrong in more cases, such as:

struct A { int n; };
struct B { int n; };
struct C : A, B {};

void *f(C *c) {
  // Incorrectly returns `c` rather than the address of the B base class.
  return __builtin_assume_aligned((B*)c, 8);
}
yronglin added a comment.EditedSep 9 2022, 4:47 AM

Thanks very much for your comments @rjmccall @rsmith , I've take a look at D45383, I believe that user code isn't allowed to declare __builtin_*, but seems intrin0.inl.h is a system header on windows, should we keep compatibility(like __va_start in D45383) with it? or breaking it, but I'd like some further guidance. can you help me make that decision? I think you guys are experts in this area and have more experience than me, I'll see if I can accomplish soon! (maybe I should submit a new patch).

yronglin added a comment.Sep 9 2022, 9:02 AM

I've a new patch D133583 , please can you guys take a look

yronglin mentioned this in D133583: [clang][ubsan] Fix __builtin_assume_aligned incorrect type descriptor and C++ object polymorphic address.Sep 9 2022, 9:07 AM
yronglin marked 2 inline comments as done.May 1 2023, 7:23 AM
yronglin added inline comments.
clang/lib/Sema/SemaChecking.cpp
7651–7652

Thanks for your tips, and is this an error in clang, https://godbolt.org/z/91qxq73Mb, if lose return 0 in main, ubsan will emit an error, but it will pass when there has a return statement. and I have submit an issue https://github.com/llvm/llvm-project/issues/62478

yronglin mentioned this in D149514: Check if First argument in _builtin_assume_aligned_ is of pointer type.May 2 2023, 7:02 AM

Revision Contents

Diff 458486

clang/docs/ReleaseNotes.rst

Show First 20 LinesShow All 85 Lines▼ Show 20 Lines- Fix assert that triggers a crash during template name lookup when a type was
`Issue 57387 <https://github.com/llvm/llvm-project/issues/57387>`_. `Issue 57387 <https://github.com/llvm/llvm-project/issues/57387>`_.
- Fix a crash when emitting a concept-related diagnostic. This fixes - Fix a crash when emitting a concept-related diagnostic. This fixes
`Issue 57415 <https://github.com/llvm/llvm-project/issues/57415>`_. `Issue 57415 <https://github.com/llvm/llvm-project/issues/57415>`_.
- Fix a crash when attempting to default a virtual constexpr non-special member - Fix a crash when attempting to default a virtual constexpr non-special member
function in a derived class. This fixes function in a derived class. This fixes
`Issue 57431 <https://github.com/llvm/llvm-project/issues/57431>`_ `Issue 57431 <https://github.com/llvm/llvm-project/issues/57431>`_
- Fix a crash where we attempt to define a deleted destructor. This fixes - Fix a crash where we attempt to define a deleted destructor. This fixes
`Issue 57516 <https://github.com/llvm/llvm-project/issues/57516>`_ `Issue 57516 <https://github.com/llvm/llvm-project/issues/57516>`_
- Fix ``__builtin_assume_aligned`` crash when the 1st arg is array type. This fixes
`Issue 57169 <https://github.com/llvm/llvm-project/issues/57169>`_
Improvements to Clang's diagnostics Improvements to Clang's diagnostics
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- Clang will now correctly diagnose as ill-formed a constant expression where an - Clang will now correctly diagnose as ill-formed a constant expression where an
enum without a fixed underlying type is set to a value outside the range of enum without a fixed underlying type is set to a value outside the range of
the enumeration's values. Due to the extended period of time this bug was the enumeration's values. Due to the extended period of time this bug was
present in major C++ implementations (including Clang), this error has the present in major C++ implementations (including Clang), this error has the
▲ Show 20 LinesShow All 251 LinesShow Last 20 Lines

clang/lib/CodeGen/CGBuiltin.cpp

  • This file is larger than 256 KB, so syntax highlighting is disabled by default.
Show First 20 LinesShow All 2,775 Lines▼ Show 20 Lines Function *FnExpect =
CGM.getIntrinsic(Intrinsic::expect_with_probability, ArgType); CGM.getIntrinsic(Intrinsic::expect_with_probability, ArgType);
Value *Result = Builder.CreateCall( Value *Result = Builder.CreateCall(
FnExpect, {ArgValue, ExpectedValue, Confidence}, "expval"); FnExpect, {ArgValue, ExpectedValue, Confidence}, "expval");
return RValue::get(Result); return RValue::get(Result);
} }
case Builtin::BI__builtin_assume_aligned: { case Builtin::BI__builtin_assume_aligned: {
const Expr *Ptr = E->getArg(0); const Expr *Ptr = E->getArg(0);
Value *PtrValue = EmitScalarExpr(Ptr); Value *PtrValue = EmitScalarExpr(Ptr);
if (PtrValue->getType() != VoidPtrTy)
PtrValue = EmitCastToVoidPtr(PtrValue);
Value *OffsetValue = Value *OffsetValue =
(E->getNumArgs() > 2) ? EmitScalarExpr(E->getArg(2)) : nullptr; (E->getNumArgs() > 2) ? EmitScalarExpr(E->getArg(2)) : nullptr;
Value *AlignmentValue = EmitScalarExpr(E->getArg(1)); Value *AlignmentValue = EmitScalarExpr(E->getArg(1));
ConstantInt *AlignmentCI = cast<ConstantInt>(AlignmentValue); ConstantInt *AlignmentCI = cast<ConstantInt>(AlignmentValue);
if (AlignmentCI->getValue().ugt(llvm::Value::MaximumAlignment)) if (AlignmentCI->getValue().ugt(llvm::Value::MaximumAlignment))
AlignmentCI = ConstantInt::get(AlignmentCI->getType(), AlignmentCI = ConstantInt::get(AlignmentCI->getType(),
llvm::Value::MaximumAlignment); llvm::Value::MaximumAlignment);
▲ Show 20 LinesShow All 16,658 LinesShow Last 20 Lines

clang/lib/CodeGen/CodeGenFunction.cpp

Show First 20 LinesShow All 2,437 Lines▼ Show 20 Lines emitAlignmentAssumptionCheck(PtrValue, Ty, Loc, AssumptionLoc, Alignment,
OffsetValue, TheCheck, Assumption); OffsetValue, TheCheck, Assumption);
} }
void CodeGenFunction::emitAlignmentAssumption(llvm::Value *PtrValue, void CodeGenFunction::emitAlignmentAssumption(llvm::Value *PtrValue,
const Expr *E, const Expr *E,
SourceLocation AssumptionLoc, SourceLocation AssumptionLoc,
llvm::Value *Alignment, llvm::Value *Alignment,
llvm::Value *OffsetValue) { llvm::Value *OffsetValue) {
if (auto *CE = dyn_cast<CastExpr>(E))
E = CE->getSubExprAsWritten();
QualType Ty = E->getType(); QualType Ty = E->getType();
SourceLocation Loc = E->getExprLoc(); SourceLocation Loc = E->getExprLoc();
emitAlignmentAssumption(PtrValue, Ty, Loc, AssumptionLoc, Alignment, emitAlignmentAssumption(PtrValue, Ty, Loc, AssumptionLoc, Alignment,
OffsetValue); OffsetValue);
} }
llvm::Value *CodeGenFunction::EmitAnnotationCall(llvm::Function *AnnotationFn, llvm::Value *CodeGenFunction::EmitAnnotationCall(llvm::Function *AnnotationFn,
▲ Show 20 LinesShow All 346 LinesShow Last 20 Lines

clang/lib/Sema/SemaChecking.cpp

  • This file is larger than 256 KB, so syntax highlighting is disabled by default.
Show First 20 LinesShow All 122 Lines▼ Show 20 Linesstatic bool checkArgCountAtLeast(Sema &S, CallExpr *Call,
if (ArgCount >= MinArgCount) if (ArgCount >= MinArgCount)
return false; return false;
return S.Diag(Call->getEndLoc(), diag::err_typecheck_call_too_few_args) return S.Diag(Call->getEndLoc(), diag::err_typecheck_call_too_few_args)
<< 0 /*function call*/ << MinArgCount << ArgCount << 0 /*function call*/ << MinArgCount << ArgCount
<< Call->getSourceRange(); << Call->getSourceRange();
} }
/// Checks that a call expression's argument count is at most the desired
/// number. This is useful when doing custom type-checking on a variadic
/// function. Returns true on error.
static bool checkArgCountAtMost(Sema &S, CallExpr *Call, unsigned MaxArgCount) {
unsigned ArgCount = Call->getNumArgs();
if (ArgCount <= MaxArgCount)
return false;
return S.Diag(Call->getEndLoc(),
diag::err_typecheck_call_too_many_args_at_most)
<< 0 /*function call*/ << MaxArgCount << ArgCount
<< Call->getSourceRange();
}
/// Checks that a call expression's argument count is the desired number. /// Checks that a call expression's argument count is the desired number.
/// This is useful when doing custom type-checking. Returns true on error. /// This is useful when doing custom type-checking. Returns true on error.
static bool checkArgCount(Sema &S, CallExpr *Call, unsigned DesiredArgCount) { static bool checkArgCount(Sema &S, CallExpr *Call, unsigned DesiredArgCount) {
unsigned ArgCount = Call->getNumArgs(); unsigned ArgCount = Call->getNumArgs();
if (ArgCount == DesiredArgCount) if (ArgCount == DesiredArgCount)
return false; return false;
if (checkArgCountAtLeast(S, Call, DesiredArgCount)) if (checkArgCountAtLeast(S, Call, DesiredArgCount))
return true; return true;
assert(ArgCount > DesiredArgCount && "should have diagnosed this"); assert(ArgCount > DesiredArgCount && "should have diagnosed this");
// Highlight all the excess arguments. // Highlight all the excess arguments.
SourceRange Range(Call->getArg(DesiredArgCount)->getBeginLoc(), SourceRange Range(Call->getArg(DesiredArgCount)->getBeginLoc(),
Call->getArg(ArgCount - 1)->getEndLoc()); Call->getArg(ArgCount - 1)->getEndLoc());
return S.Diag(Range.getBegin(), diag::err_typecheck_call_too_many_args) return S.Diag(Range.getBegin(), diag::err_typecheck_call_too_many_args)
<< 0 /*function call*/ << DesiredArgCount << ArgCount << 0 /*function call*/ << DesiredArgCount << ArgCount
<< Call->getArg(1)->getSourceRange(); << Call->getArg(1)->getSourceRange();
} }
static bool convertArgumentToType(Sema &S, Expr *&Value, QualType Ty) {
if (Value->isTypeDependent())
return false;
InitializedEntity Entity =
InitializedEntity::InitializeParameter(S.Context, Ty, false);
ExprResult Result =
S.PerformCopyInitialization(Entity, SourceLocation(), Value);
if (Result.isInvalid())
return true;
Value = Result.get();
return false;
}
/// Check that the first argument to __builtin_annotation is an integer /// Check that the first argument to __builtin_annotation is an integer
/// and the second argument is a non-wide string literal. /// and the second argument is a non-wide string literal.
static bool SemaBuiltinAnnotation(Sema &S, CallExpr *TheCall) { static bool SemaBuiltinAnnotation(Sema &S, CallExpr *TheCall) {
if (checkArgCount(S, TheCall, 2)) if (checkArgCount(S, TheCall, 2))
return true; return true;
// First argument should be an integer. // First argument should be an integer.
Expr *ValArg = TheCall->getArg(0); Expr *ValArg = TheCall->getArg(0);
▲ Show 20 LinesShow All 7,452 Lines▼ Show 20 Linesbool Sema::SemaBuiltinAllocaWithAlign(CallExpr *TheCall) {
} }
return false; return false;
} }
/// Handle __builtin_assume_aligned. This is declared /// Handle __builtin_assume_aligned. This is declared
/// as (const void*, size_t, ...) and can take one optional constant int arg. /// as (const void*, size_t, ...) and can take one optional constant int arg.
bool Sema::SemaBuiltinAssumeAligned(CallExpr *TheCall) { bool Sema::SemaBuiltinAssumeAligned(CallExpr *TheCall) {
if (checkArgCountAtMost(*this, TheCall, 3))
return true;
unsigned NumArgs = TheCall->getNumArgs(); unsigned NumArgs = TheCall->getNumArgs();
Expr *FirstArg = TheCall->getArg(0);
if (auto *CE = dyn_cast<CastExpr>(FirstArg))
FirstArg = CE->getSubExprAsWritten();
rsmithUnsubmitted
Not Done
ReplyInline Actions

This looks very suspicious to me: this will remove a cast expression that was written in the source code from the AST. That loses source fidelity, can give the wrong answer if the cast changed the value (such as a C++ derived-to-base conversion to a non-primary base class), and in any case this is only done once where there could be multiple explicit casts written on an argument to the builtin, so if it's necessary, then it's not being done fully.

Can this be removed?

rsmith: This looks very suspicious to me: this will remove a cast expression that was written in the…
rjmccallUnsubmitted
Not Done
ReplyInline Actions

Somehow I missed this in my review. Yes, this line should be unnecessary, and as you say, it is definitely wrong.

rjmccall: Somehow I missed this in my review. Yes, this line should be unnecessary, and as you say, it…
yronglinAuthorUnsubmitted
Done
ReplyInline Actions

CodeGen need real user-written-type to generate __ubsan_handle_alignment_assumption 's arg, but not const void *

yronglin: CodeGen need real `user-written-type` to generate `__ubsan_handle_alignment_assumption ` 's arg…
rjmccallUnsubmitted
Done
ReplyInline Actions

Because we're using custom type-checking here, there is no conversion to const void * in the first place; that conversion was an artifact of the earlier implementation.

Also, if the previous code in CodeGen looked like this, then it was buggy: it is incorrect in the case that someone wrote (const void*) foo as the argument, because it would inappropriately look through the explicit, user-provided cast.

rjmccall: Because we're using custom type-checking here, there is no conversion to `const void *` in the…
rsmithUnsubmitted
Not Done
ReplyInline Actions

The old implementation could get the pointer value wrong, not only the alignment. For example:

struct A { virtual ~A(); };

void *f(A *a) {
  // Incorrectly returns `a` rather than the address of the complete object.
  return __builtin_assume_aligned(dynamic_cast<void*>(a), 8);
}

The new implementation gets the pointer value wrong in more cases, such as:

struct A { int n; };
struct B { int n; };
struct C : A, B {};

void *f(C *c) {
  // Incorrectly returns `c` rather than the address of the B base class.
  return __builtin_assume_aligned((B*)c, 8);
}
rsmith: The old implementation could get the pointer value wrong, not only the alignment. For example…
yronglinAuthorUnsubmitted
Done
ReplyInline Actions

Thanks for your tips, and is this an error in clang, https://godbolt.org/z/91qxq73Mb, if lose return 0 in main, ubsan will emit an error, but it will pass when there has a return statement. and I have submit an issue https://github.com/llvm/llvm-project/issues/62478

yronglin: Thanks for your tips, and is this an error in clang, https://godbolt.org/z/91qxq73Mb, if lose…
if (NumArgs > 3) {
return Diag(TheCall->getEndLoc(), ExprResult FirstArgResult =
diag::err_typecheck_call_too_many_args_at_most) DefaultFunctionArrayLvalueConversion(FirstArg, /*Diagnose=*/false);
<< 0 /*function call*/ << 3 << NumArgs << TheCall->getSourceRange(); if (FirstArgResult.isInvalid())
return true;
TheCall->setArg(0, FirstArgResult.get());
}
// The alignment must be a constant integer. // The alignment must be a constant integer.
Expr *Arg = TheCall->getArg(1); Expr *SecondArg = TheCall->getArg(1);
rjmccallUnsubmitted
Not Done
ReplyInline Actions

This should be:

Expr *SecondArg = TheCall->getArg(1);
if (convertArgumentToType(*this, SecondArg, Context.getSizeType()))
  return true;
TheCall->setArg(1, SecondArg);

if (!SecondArg->isValueDependent()) {
  llvm::APSInt Result;
  ....
}

Test case is to pass a floating-point expression or something like that.

rjmccall: This should be: ``` Expr *SecondArg = TheCall->getArg(1); if (convertArgumentToType(*this…
yronglinAuthorUnsubmitted
Done
ReplyInline Actions

+1

yronglin: +1
// We can't check the value of a dependent argument. // We can't check the value of a dependent argument.
if (!Arg->isTypeDependent() && !Arg->isValueDependent()) { if (!SecondArg->isValueDependent()) {
llvm::APSInt Result; llvm::APSInt Result;
if (SemaBuiltinConstantArg(TheCall, 1, Result)) if (SemaBuiltinConstantArg(TheCall, 1, Result))
return true; return true;
if (!Result.isPowerOf2()) if (!Result.isPowerOf2())
return Diag(TheCall->getBeginLoc(), diag::err_alignment_not_power_of_two) return Diag(TheCall->getBeginLoc(), diag::err_alignment_not_power_of_two)
<< Arg->getSourceRange(); << SecondArg->getSourceRange();
if (Result > Sema::MaximumAlignment) if (Result > Sema::MaximumAlignment)
Diag(TheCall->getBeginLoc(), diag::warn_assume_aligned_too_great) Diag(TheCall->getBeginLoc(), diag::warn_assume_aligned_too_great)
<< Arg->getSourceRange() << Sema::MaximumAlignment; << SecondArg->getSourceRange() << Sema::MaximumAlignment;
} }
if (NumArgs > 2) { if (NumArgs > 2) {
ExprResult Arg(TheCall->getArg(2)); Expr *ThirdArg = TheCall->getArg(2);
InitializedEntity Entity = InitializedEntity::InitializeParameter(Context, if (convertArgumentToType(*this, ThirdArg, Context.getSizeType()))
Context.getSizeType(), false); return true;
Arg = PerformCopyInitialization(Entity, SourceLocation(), Arg); TheCall->setArg(2, ThirdArg);
if (Arg.isInvalid()) return true;
TheCall->setArg(2, Arg.get());
} }
return false; return false;
} }
bool Sema::SemaBuiltinOSLogFormat(CallExpr *TheCall) { bool Sema::SemaBuiltinOSLogFormat(CallExpr *TheCall) {
unsigned BuiltinID = unsigned BuiltinID =
cast<FunctionDecl>(TheCall->getCalleeDecl())->getBuiltinID(); cast<FunctionDecl>(TheCall->getCalleeDecl())->getBuiltinID();
▲ Show 20 LinesShow All 10,249 LinesShow Last 20 Lines

clang/test/CodeGen/catch-alignment-assumption-array.c

  • This file was added.
// RUN: %clang_cc1 -no-opaque-pointers -emit-llvm %s -o - -triple x86_64-linux-gnu | FileCheck %s
// RUN: %clang_cc1 -no-opaque-pointers -fsanitize=alignment -fno-sanitize-recover=alignment -emit-llvm %s -o - -triple x86_64-linux-gnu | FileCheck %s -implicit-check-not="call void @__ubsan_handle_alignment_assumption" --check-prefixes=CHECK,CHECK-SANITIZE,CHECK-SANITIZE-ANYRECOVER,CHECK-SANITIZE-NORECOVER,CHECK-SANITIZE-UNREACHABLE
// RUN: %clang_cc1 -no-opaque-pointers -fsanitize=alignment -fsanitize-recover=alignment -emit-llvm %s -o - -triple x86_64-linux-gnu | FileCheck %s -implicit-check-not="call void @__ubsan_handle_alignment_assumption" --check-prefixes=CHECK,CHECK-SANITIZE,CHECK-SANITIZE-ANYRECOVER,CHECK-SANITIZE-RECOVER
// RUN: %clang_cc1 -no-opaque-pointers -fsanitize=alignment -fsanitize-trap=alignment -emit-llvm %s -o - -triple x86_64-linux-gnu | FileCheck %s -implicit-check-not="call void @__ubsan_handle_alignment_assumption" --check-prefixes=CHECK,CHECK-SANITIZE,CHECK-SANITIZE-TRAP,CHECK-SANITIZE-UNREACHABLE
// CHECK-SANITIZE-ANYRECOVER: @[[CHAR:.*]] = {{.*}} c"'char *'\00" }
// CHECK-SANITIZE-ANYRECOVER: @[[ALIGNMENT_ASSUMPTION:.*]] = {{.*}}, i32 31, i32 35 }, {{.*}}* @[[CHAR]] }
void *caller(void) {
char str[] = "";
// CHECK: define{{.*}}
// CHECK-NEXT: entry:
// CHECK-NEXT: %[[STR:.*]] = alloca [1 x i8], align 1
// CHECK-NEXT: %[[BITCAST:.*]] = bitcast [1 x i8]* %[[STR]] to i8*
// CHECK-NEXT: call void @llvm.memset.p0i8.i64(i8* align 1 %[[BITCAST]], i8 0, i64 1, i1 false)
// CHECK-NEXT: %[[ARRAYDECAY:.*]] = getelementptr inbounds [1 x i8], [1 x i8]* %[[STR]], i64 0, i64 0
// CHECK-SANITIZE-NEXT: %[[PTRINT:.*]] = ptrtoint i8* %[[ARRAYDECAY]] to i64
// CHECK-SANITIZE-NEXT: %[[MASKEDPTR:.*]] = and i64 %[[PTRINT]], 0
// CHECK-SANITIZE-NEXT: %[[MASKCOND:.*]] = icmp eq i64 %[[MASKEDPTR]], 0
// CHECK-SANITIZE-NEXT: %[[PTRINT_DUP:.*]] = ptrtoint i8* %[[ARRAYDECAY]] to i64, !nosanitize
// CHECK-SANITIZE-NEXT: br i1 %[[MASKCOND]], label %[[CONT:.*]], label %[[HANDLER_ALIGNMENT_ASSUMPTION:[^,]+]],{{.*}} !nosanitize
// CHECK-SANITIZE: [[HANDLER_ALIGNMENT_ASSUMPTION]]:
// CHECK-SANITIZE-NORECOVER-NEXT: call void @__ubsan_handle_alignment_assumption_abort(i8* bitcast ({ {{{.*}}}, {{{.*}}}, {{{.*}}}* }* @[[ALIGNMENT_ASSUMPTION]] to i8*), i64 %[[PTRINT_DUP]], i64 1, i64 0){{.*}}, !nosanitize
// CHECK-SANITIZE-RECOVER-NEXT: call void @__ubsan_handle_alignment_assumption(i8* bitcast ({ {{{.*}}}, {{{.*}}}, {{{.*}}}* }* @[[ALIGNMENT_ASSUMPTION]] to i8*), i64 %[[PTRINT_DUP]], i64 1, i64 0){{.*}}, !nosanitize
// CHECK-SANITIZE-TRAP-NEXT: call void @llvm.ubsantrap(i8 23){{.*}}, !nosanitize
// CHECK-SANITIZE-UNREACHABLE-NEXT: unreachable, !nosanitize
// CHECK-SANITIZE: [[CONT]]:
// CHECK-NEXT: call void @llvm.assume(i1 true) [ "align"(i8* %[[ARRAYDECAY]], i64 1) ]
// CHECK-NEXT: ret i8* %[[ARRAYDECAY]]
// CHECK-NEXT: }
return __builtin_assume_aligned(str, 1);
}

clang/test/CodeGen/catch-alignment-assumption-ignorelist.c

Show All 20 Linesvoid *dont_ignore_volatile_ptrs(void * volatile x) {
// CHECK: call void @__ubsan_handle_alignment_assumption( // CHECK: call void @__ubsan_handle_alignment_assumption(
return __builtin_assume_aligned(x, 1); return __builtin_assume_aligned(x, 1);
} }
// CHECK-LABEL: ignore_volatiles // CHECK-LABEL: ignore_volatiles
void *ignore_volatiles(volatile void * x) { void *ignore_volatiles(volatile void * x) {
return __builtin_assume_aligned(x, 1); return __builtin_assume_aligned(x, 1);
} }
// CHECK-LABEL: ignore_array_volatiles
void *ignore_array_volatiles() {
volatile int arr[] = {1};
return __builtin_assume_aligned(arr, 4);
}

clang/test/Sema/builtin-assume-aligned.c

Show First 20 LinesShow All 60 Lines▼ Show 20 Lines
} }
int test12(int *a) { int test12(int *a) {
a = __builtin_assume_aligned(a, 1ULL << 33); // expected-warning {{requested alignment must be 4294967296 bytes or smaller; maximum alignment assumed}} a = __builtin_assume_aligned(a, 1ULL << 33); // expected-warning {{requested alignment must be 4294967296 bytes or smaller; maximum alignment assumed}}
return a[0]; return a[0];
} }
#endif #endif
int test13(int *a) {
a = (int *)__builtin_assume_aligned(a, 2 * 2.0); // expected-error {{argument to '__builtin_assume_aligned' must be a constant integer}}
return a[0];
}
void test_void_assume_aligned(void) __attribute__((assume_aligned(32))); // expected-warning {{'assume_aligned' attribute only applies to return values that are pointers}} void test_void_assume_aligned(void) __attribute__((assume_aligned(32))); // expected-warning {{'assume_aligned' attribute only applies to return values that are pointers}}
int test_int_assume_aligned(void) __attribute__((assume_aligned(16))); // expected-warning {{'assume_aligned' attribute only applies to return values that are pointers}} int test_int_assume_aligned(void) __attribute__((assume_aligned(16))); // expected-warning {{'assume_aligned' attribute only applies to return values that are pointers}}
void *test_ptr_assume_aligned(void) __attribute__((assume_aligned(64))); // no-warning void *test_ptr_assume_aligned(void) __attribute__((assume_aligned(64))); // no-warning
void *test_ptr_assume_aligned(void) __attribute__((assume_aligned(8589934592))); // expected-warning {{requested alignment must be 4294967296 bytes or smaller; maximum alignment assumed}} void *test_ptr_assume_aligned(void) __attribute__((assume_aligned(8589934592))); // expected-warning {{requested alignment must be 4294967296 bytes or smaller; maximum alignment assumed}}
int j __attribute__((assume_aligned(8))); // expected-warning {{'assume_aligned' attribute only applies to Objective-C methods and functions}} int j __attribute__((assume_aligned(8))); // expected-warning {{'assume_aligned' attribute only applies to Objective-C methods and functions}}
void *test_no_fn_proto() __attribute__((assume_aligned(32))); // no-warning void *test_no_fn_proto() __attribute__((assume_aligned(32))); // no-warning
void *test_with_fn_proto(void) __attribute__((assume_aligned(128))); // no-warning void *test_with_fn_proto(void) __attribute__((assume_aligned(128))); // no-warning
void *test_no_fn_proto() __attribute__((assume_aligned(31))); // expected-error {{requested alignment is not a power of 2}} void *test_no_fn_proto() __attribute__((assume_aligned(31))); // expected-error {{requested alignment is not a power of 2}}
void *test_no_fn_proto() __attribute__((assume_aligned(32, 73))); // no-warning void *test_no_fn_proto() __attribute__((assume_aligned(32, 73))); // no-warning
void *test_no_fn_proto() __attribute__((assume_aligned)); // expected-error {{'assume_aligned' attribute takes at least 1 argument}} void *test_no_fn_proto() __attribute__((assume_aligned)); // expected-error {{'assume_aligned' attribute takes at least 1 argument}}
void *test_no_fn_proto() __attribute__((assume_aligned())); // expected-error {{'assume_aligned' attribute takes at least 1 argument}} void *test_no_fn_proto() __attribute__((assume_aligned())); // expected-error {{'assume_aligned' attribute takes at least 1 argument}}
void *test_no_fn_proto() __attribute__((assume_aligned(32, 45, 37))); // expected-error {{'assume_aligned' attribute takes no more than 2 arguments}} void *test_no_fn_proto() __attribute__((assume_aligned(32, 45, 37))); // expected-error {{'assume_aligned' attribute takes no more than 2 arguments}}