This is an archive of the discontinued LLVM Phabricator instance.

Paths

Table of Contentst

-
clang/
-
lib/Sema/
-
Sema/
-
SemaChecking.cpp
-
test/Sema/
-
Sema/
2/4
array-bounds-ptr-arith.c

Differential D135989

[clang][Sema] Use size of char for void types
ClosedPublic

Authored by void on Oct 14 2022, 2:00 PM.

Download Raw Diff

Details

Reviewers

serge-sans-paille
kees
nickdesaulniers

Commits

rG91b3823bd000: [clang][Sema] Use size of char in bits for void types

Summary

The extension that allows for pointer arithmetic on 'void' types treats
the 'void' as a 'char'. We should use the 'char' size instead of one in
this case to allow warning when pointer arithmetic would go out of
bounds.

Diff Detail

Repository: rG LLVM Github Monorepo

Event Timeline

void created this revision.Oct 14 2022, 2:00 PM

Herald added a project: Restricted Project. · View Herald TranscriptOct 14 2022, 2:00 PM

void requested review of this revision.Oct 14 2022, 2:00 PM

Herald added a project: Restricted Project. · View Herald TranscriptOct 14 2022, 2:00 PM

Herald added a subscriber: cfe-commits. · View Herald Transcript

Harbormaster completed remote builds in B192262: Diff 467905.Oct 14 2022, 2:01 PM

serge-sans-paille added inline comments.Oct 14 2022, 2:07 PM

clang/test/Sema/array-bounds-ptr-arith.c
14	I'm fine with that change, but I don't understand how it relates to that commit ;-)

void added inline comments.Oct 14 2022, 2:12 PM

clang/test/Sema/array-bounds-ptr-arith.c
14	The original size 80 was large enough to emit a warning. However, 9 didn't emit a warning, but should. (Note that 8 won't emit a warning because of pointer arithmetic voodoo.)

nickdesaulniers added inline comments.Oct 14 2022, 2:14 PM

clang/test/Sema/array-bounds-ptr-arith.c
14	It's slightly confusing, but the previous increment of 80 masked the issue with a smaller increment that was still out of bounds, IIUC. I think the previous code had a bytes vs bits bug?

void added inline comments.Oct 14 2022, 2:20 PM

clang/test/Sema/array-bounds-ptr-arith.c
14	Yes, that's pretty much what way happening. The comparison would be 80 (index) vs 64 (array length). But when the `ptrarith_typesize` is one, the comparison is 9 vs 64.

Fix up testcase.

LGTM; please consider appending to the commit message something along the lines of "operations on the result of getTypeSize() are in bits, not bytes. Using 1 as the value for void* is the correct number of bytes, but we're doing arithmetic in bits." or something to denote this is a unit-of-measure related bug.

This revision is now accepted and ready to land.Oct 14 2022, 2:31 PM

In D135989#3859763, @nickdesaulniers wrote:

LGTM; please consider appending to the commit message something along the lines of "operations on the result of getTypeSize() are in bits, not bytes. Using 1 as the value for void* is the correct number of bytes, but we're doing arithmetic in bits." or something to denote this is a unit-of-measure related bug.

Done. Thanks!

This revision was landed with ongoing or failed builds.Oct 14 2022, 2:46 PM

Closed by commit rG91b3823bd000: [clang][Sema] Use size of char in bits for void types (authored by void). · Explain Why

This revision was automatically updated to reflect the committed changes.

void added a commit: rG91b3823bd000: [clang][Sema] Use size of char in bits for void types.

Harbormaster completed remote builds in B192269: Diff 467912.Oct 14 2022, 3:00 PM

Thanks for clarifying!

Revision Contents

Path

Size

clang/

lib/

Sema/

SemaChecking.cpp

16 lines

test/

Sema/

array-bounds-ptr-arith.c

11 lines

Diff 467931

clang/lib/Sema/SemaChecking.cpp

This file is larger than 256 KB, so syntax highlighting is disabled by default.

Show First 20 Lines • Show All 16,014 Lines • ▼ Show 20 Lines	if (index.isUnsigned() \|\| !index.isNegative()) {
// access exceeds the array bounds. However we can still diagnose an array		// access exceeds the array bounds. However we can still diagnose an array
// access which precedes the array bounds.		// access which precedes the array bounds.
if (BaseType->isIncompleteType())		if (BaseType->isIncompleteType())
return;		return;

llvm::APInt size = ArrayTy->getSize();		llvm::APInt size = ArrayTy->getSize();

if (BaseType != EffectiveType) {		if (BaseType != EffectiveType) {
// Make sure we're comparing apples to apples when comparing index to size		// Make sure we're comparing apples to apples when comparing index to
		// size.
uint64_t ptrarith_typesize = Context.getTypeSize(EffectiveType);		uint64_t ptrarith_typesize = Context.getTypeSize(EffectiveType);
uint64_t array_typesize = Context.getTypeSize(BaseType);		uint64_t array_typesize = Context.getTypeSize(BaseType);
// Handle ptrarith_typesize being zero, such as when casting to void*
if (!ptrarith_typesize) ptrarith_typesize = 1;		// Handle ptrarith_typesize being zero, such as when casting to void*.
		// Use the size in bits (what "getTypeSize()" returns) rather than bytes.
		if (!ptrarith_typesize)
		ptrarith_typesize = Context.getCharWidth();

if (ptrarith_typesize != array_typesize) {		if (ptrarith_typesize != array_typesize) {
// There's a cast to a different size type involved		// There's a cast to a different size type involved.
uint64_t ratio = array_typesize / ptrarith_typesize;		uint64_t ratio = array_typesize / ptrarith_typesize;

// TODO: Be smarter about handling cases where array_typesize is not a		// TODO: Be smarter about handling cases where array_typesize is not a
// multiple of ptrarith_typesize		// multiple of ptrarith_typesize.
if (ptrarith_typesize * ratio == array_typesize)		if (ptrarith_typesize * ratio == array_typesize)
size *= llvm::APInt(size.getBitWidth(), ratio);		size *= llvm::APInt(size.getBitWidth(), ratio);
}		}
}		}

if (size.getBitWidth() > index.getBitWidth())		if (size.getBitWidth() > index.getBitWidth())
index = index.zext(size.getBitWidth());		index = index.zext(size.getBitWidth());
else if (size.getBitWidth() < index.getBitWidth())		else if (size.getBitWidth() < index.getBitWidth())
▲ Show 20 Lines • Show All 1,843 Lines • Show Last 20 Lines

clang/test/Sema/array-bounds-ptr-arith.c

	// RUN: %clang_cc1 -verify=expected -Warray-bounds-pointer-arithmetic %s			// RUN: %clang_cc1 -verify=expected -Warray-bounds-pointer-arithmetic %s
	// RUN: %clang_cc1 -verify=expected -Warray-bounds-pointer-arithmetic %s -fstrict-flex-arrays=0			// RUN: %clang_cc1 -verify=expected -Warray-bounds-pointer-arithmetic %s -fstrict-flex-arrays=0
	// RUN: %clang_cc1 -verify=expected,strict -Warray-bounds-pointer-arithmetic %s -fstrict-flex-arrays=2			// RUN: %clang_cc1 -verify=expected,strict -Warray-bounds-pointer-arithmetic %s -fstrict-flex-arrays=2

	// Test case from PR10615			// Test case from PR10615
	struct ext2_super_block{			struct ext2_super_block{
	unsigned char s_uuid[8]; // expected-note {{declared here}}			unsigned char s_uuid[8]; // expected-note {{declared here}}
	};			};
	void* ext2_statfs (struct ext2_super_block *es,int a)
	{			void* ext2_statfs (struct ext2_super_block *es,int a) {
	return (void *)es->s_uuid + sizeof(int); // no-warning			return (void *)es->s_uuid + sizeof(int); // no-warning
	}			}
	void* broken (struct ext2_super_block *es,int a)			void* broken (struct ext2_super_block *es,int a) {
	{			return (void *)es->s_uuid + 9; // expected-warning {{the pointer incremented by 9 refers past the end of the array}}
				serge-sans-pailleUnsubmitted Not Done Reply Inline Actions I'm fine with that change, but I don't understand how it relates to that commit ;-) serge-sans-paille: I'm fine with that change, but I don't understand how it relates to that commit ;-)
				voidAuthorUnsubmitted Done Reply Inline Actions The original size 80 was large enough to emit a warning. However, 9 didn't emit a warning, but should. (Note that 8 won't emit a warning because of pointer arithmetic voodoo.) void: The original size 80 was large enough to emit a warning. However, 9 didn't emit a warning…
				nickdesaulniersUnsubmitted Not Done Reply Inline Actions It's slightly confusing, but the previous increment of 80 masked the issue with a smaller increment that was still out of bounds, IIUC. I think the previous code had a bytes vs bits bug? nickdesaulniers: It's slightly confusing, but the previous increment of 80 masked the issue with a smaller…
				voidAuthorUnsubmitted Done Reply Inline Actions Yes, that's pretty much what way happening. The comparison would be 80 (index) vs 64 (array length). But when the `ptrarith_typesize` is one, the comparison is 9 vs 64. void: Yes, that's pretty much what way happening. The comparison would be 80 (index) vs 64 (array…
	return (void *)es->s_uuid + 80; // expected-warning {{refers past the end of the array}}
	}			}

	// Test case reduced from PR11594			// Test case reduced from PR11594
	struct S {			struct S {
	int n;			int n;
	};			};
	void pr11594(struct S *s) {			void pr11594(struct S *s) {
	int a[10];			int a[10];
	Show All 34 Lines