This is an archive of the discontinued LLVM Phabricator instance.

Paths

Table of Contentst

-
clang/lib/AST/Interp/
-
lib/
-
AST/
-
Interp/
3
Descriptor.cpp
-
InterpBlock.h
-
Pointer.cpp
1/2
Program.h
-
Program.cpp

Differential D136826

[clang][Interp] Make sure we free() allocated InitMaps
ClosedPublic

Authored by tbaeder on Oct 27 2022, 2:35 AM.

Download Raw Diff

Details

Reviewers

aaron.ballman
erichkeane
tahonermann
shafik

Commits

rGee9bbfa5e6ac: [clang][Interp] Make sure we free() allocated InitMaps

Summary

They get allocated when calling initialize() on a primitive array. And they get free'd when the array is fully initialized. However, when that never happens, they get leaked. Fix that by calling the destructor of global variables.

No test attached here, since the problem only exists when asan is used. However, the next patch I upload will test that InitMaps work.

Diff Detail

Repository: rG LLVM Github Monorepo

Event Timeline

tbaeder created this revision.Oct 27 2022, 2:35 AM

Herald added a project: Restricted Project. · View Herald TranscriptOct 27 2022, 2:35 AM

tbaeder requested review of this revision.Oct 27 2022, 2:35 AM

Herald added a project: Restricted Project. · View Herald TranscriptOct 27 2022, 2:35 AM

Herald added a subscriber: cfe-commits. · View Herald Transcript

tbaeder mentioned this in D136828: [clang][Interp] Diagnose uninitialized array record fields.Oct 27 2022, 2:39 AM

Harbormaster completed remote builds in B194599: Diff 471087.Oct 27 2022, 4:14 AM

The changes look correct to me, but you may want to wait a little bit before landing to give the other reviewers a chance to look this over given that there's no tests possible for it.

This revision is now accepted and ready to land.Oct 27 2022, 5:41 AM

tbaeder added a child revision: D136936: [clang][Interp] Handle undefined functions better.Oct 28 2022, 6:15 AM

Closed by commit rGee9bbfa5e6ac: [clang][Interp] Make sure we free() allocated InitMaps (authored by tbaeder). · Explain WhyOct 28 2022, 8:01 AM

This revision was automatically updated to reflect the committed changes.

tbaeder added a commit: rGee9bbfa5e6ac: [clang][Interp] Make sure we free() allocated InitMaps.

shafik added inline comments.Oct 28 2022, 12:08 PM

clang/lib/AST/Interp/Descriptor.cpp
46	I believe `Ptr` is not longer valid b/c of `free(IM)` b/c what `Ptr` points to has not been free'ed I am looking at the wording now but I am curious what @aaron.ballman thinks.

aaron.ballman added inline comments.Oct 28 2022, 12:12 PM

clang/lib/AST/Interp/Descriptor.cpp
46	How I see it is that it's converting `Ptr` to an `IntMap *`, dereferencing that back to `IntMap ` and then freeing that pointer. So it doesn't free `Ptr` itself, but what `Ptr` points to.

shafik added inline comments.Oct 28 2022, 6:21 PM

clang/lib/AST/Interp/Descriptor.cpp
46	Right but the address is no longer valid even if the type we free'ed as is different. So the pointer is not longer pointing to a valid location. At least that is how I have seen it explained in other contexts but I have to dig up a reference.

antondaubert added a subscriber: antondaubert.Oct 31 2022, 6:40 AM

antondaubert added inline comments.

clang/lib/AST/Interp/Program.h
54–56	Seems like this change generates a use-of-uninitialized-value lib/AST/Interp/Descriptor.cpp:150:22 in dtorRecord(clang::interp::Block, char, clang::interp::Descriptor*) when executing the test test/AST/Interp/arrays.cpp with a memory sanitizer.

tbaeder added inline comments.Oct 31 2022, 6:46 AM

clang/lib/AST/Interp/Program.h
54–56	Should be fixed by https://github.com/llvm/llvm-project/commit/da4b929da79f4ce886f5612e3c84d29c1d2632f7

Revision Contents

Path

Size

clang/

lib/

AST/

Interp/

7 lines

6 lines

8 lines

7 lines

1 line

Diff 471555

clang/lib/AST/Interp/Descriptor.cpp

Show All 33 Lines
static void ctorArrayTy(Block , char Ptr, bool, bool, bool, Descriptor *D) {		static void ctorArrayTy(Block , char Ptr, bool, bool, bool, Descriptor *D) {
for (unsigned I = 0, NE = D->getNumElems(); I < NE; ++I) {		for (unsigned I = 0, NE = D->getNumElems(); I < NE; ++I) {
new (&reinterpret_cast<T *>(Ptr)[I]) T();		new (&reinterpret_cast<T *>(Ptr)[I]) T();
}		}
}		}

template <typename T>		template <typename T>
static void dtorArrayTy(Block , char Ptr, Descriptor *D) {		static void dtorArrayTy(Block , char Ptr, Descriptor *D) {
		InitMap IM = reinterpret_cast<InitMap **>(Ptr);
		if (IM != (InitMap *)-1)
		free(IM);

		Ptr += sizeof(InitMap *);
		shafikUnsubmitted Not Done Reply Inline Actions I believe `Ptr` is not longer valid b/c of `free(IM)` b/c what `Ptr` points to has not been free'ed I am looking at the wording now but I am curious what @aaron.ballman thinks. shafik: I believe `Ptr` is not longer valid b/c of `free(IM)` b/c what `Ptr` points to has not been…
		aaron.ballmanUnsubmitted Not Done Reply Inline Actions How I see it is that it's converting `Ptr` to an `IntMap *`, dereferencing that back to `IntMap ` and then freeing that pointer. So it doesn't free `Ptr` itself, but what `Ptr` points to. aaron.ballman: How I see it is that it's converting `Ptr` to an `IntMap **`, dereferencing that back to…
		shafikUnsubmitted Not Done Reply Inline Actions Right but the address is no longer valid even if the type we free'ed as is different. So the pointer is not longer pointing to a valid location. At least that is how I have seen it explained in other contexts but I have to dig up a reference. shafik: Right but the address is no longer valid even if the type we free'ed as is different. So the…
for (unsigned I = 0, NE = D->getNumElems(); I < NE; ++I) {		for (unsigned I = 0, NE = D->getNumElems(); I < NE; ++I) {
reinterpret_cast<T *>(Ptr)[I].~T();		reinterpret_cast<T *>(Ptr)[I].~T();
}		}
}		}

template <typename T>		template <typename T>
static void moveArrayTy(Block , char Src, char Dst, Descriptor D) {		static void moveArrayTy(Block , char Src, char Dst, Descriptor D) {
for (unsigned I = 0, NE = D->getNumElems(); I < NE; ++I) {		for (unsigned I = 0, NE = D->getNumElems(); I < NE; ++I) {
▲ Show 20 Lines • Show All 123 Lines • ▼ Show 20 Lines	static BlockMoveFn getMovePrim(PrimType Type) {
COMPOSITE_TYPE_SWITCH(Type, return moveTy<T>, return nullptr);		COMPOSITE_TYPE_SWITCH(Type, return moveTy<T>, return nullptr);
}		}

static BlockCtorFn getCtorArrayPrim(PrimType Type) {		static BlockCtorFn getCtorArrayPrim(PrimType Type) {
COMPOSITE_TYPE_SWITCH(Type, return ctorArrayTy<T>, return nullptr);		COMPOSITE_TYPE_SWITCH(Type, return ctorArrayTy<T>, return nullptr);
}		}

static BlockDtorFn getDtorArrayPrim(PrimType Type) {		static BlockDtorFn getDtorArrayPrim(PrimType Type) {
COMPOSITE_TYPE_SWITCH(Type, return dtorArrayTy<T>, return nullptr);		TYPE_SWITCH(Type, return dtorArrayTy<T>);
}		}

static BlockMoveFn getMoveArrayPrim(PrimType Type) {		static BlockMoveFn getMoveArrayPrim(PrimType Type) {
COMPOSITE_TYPE_SWITCH(Type, return moveArrayTy<T>, return nullptr);		COMPOSITE_TYPE_SWITCH(Type, return moveArrayTy<T>, return nullptr);
}		}

Descriptor::Descriptor(const DeclTy &D, PrimType Type, bool IsConst,		Descriptor::Descriptor(const DeclTy &D, PrimType Type, bool IsConst,
bool IsTemporary, bool IsMutable)		bool IsTemporary, bool IsMutable)
▲ Show 20 Lines • Show All 100 Lines • Show Last 20 Lines

clang/lib/AST/Interp/InterpBlock.h

Show First 20 Lines • Show All 67 Lines • ▼ Show 20 Lines	public:
/// Invokes the constructor.		/// Invokes the constructor.
void invokeCtor() {		void invokeCtor() {
std::memset(data(), 0, getSize());		std::memset(data(), 0, getSize());
if (Desc->CtorFn)		if (Desc->CtorFn)
Desc->CtorFn(this, data(), Desc->IsConst, Desc->IsMutable,		Desc->CtorFn(this, data(), Desc->IsConst, Desc->IsMutable,
/isActive=/true, Desc);		/isActive=/true, Desc);
}		}

		// Invokes the Destructor.
		void invokeDtor() {
		if (Desc->DtorFn)
		Desc->DtorFn(this, data(), Desc);
		}

protected:		protected:
friend class Pointer;		friend class Pointer;
friend class DeadBlock;		friend class DeadBlock;
friend class InterpState;		friend class InterpState;

Block(Descriptor *Desc, bool IsExtern, bool IsStatic, bool IsDead)		Block(Descriptor *Desc, bool IsExtern, bool IsStatic, bool IsDead)
: IsStatic(IsStatic), IsExtern(IsExtern), IsDead(true), Desc(Desc) {}		: IsStatic(IsStatic), IsExtern(IsExtern), IsDead(true), Desc(Desc) {}

▲ Show 20 Lines • Show All 55 Lines • Show Last 20 Lines

clang/lib/AST/Interp/Pointer.cpp

Show First 20 Lines • Show All 137 Lines • ▼ Show 20 Lines	APValue Pointer::toAPValue() const {
return APValue(Base, Offset, Path, IsOnePastEnd, IsNullPtr);		return APValue(Base, Offset, Path, IsOnePastEnd, IsNullPtr);
}		}

bool Pointer::isInitialized() const {		bool Pointer::isInitialized() const {
assert(Pointee && "Cannot check if null pointer was initialized");		assert(Pointee && "Cannot check if null pointer was initialized");
Descriptor *Desc = getFieldDesc();		Descriptor *Desc = getFieldDesc();
assert(Desc);		assert(Desc);
if (Desc->isPrimitiveArray()) {		if (Desc->isPrimitiveArray()) {
if (Pointee->IsStatic)		if (isStatic() && Base == 0)
return true;		return true;
// Primitive array field are stored in a bitset.		// Primitive array field are stored in a bitset.
InitMap *Map = getInitMap();		InitMap *Map = getInitMap();
if (!Map)		if (!Map)
return false;		return false;
if (Map == (InitMap *)-1)		if (Map == (InitMap *)-1)
return true;		return true;
return Map->isInitialized(getIndex());		return Map->isInitialized(getIndex());
} else {		} else {
// Field has its bit in an inline descriptor.		// Field has its bit in an inline descriptor.
return Base == 0 \|\| getInlineDesc()->IsInitialized;		return Base == 0 \|\| getInlineDesc()->IsInitialized;
}		}
}		}

void Pointer::initialize() const {		void Pointer::initialize() const {
assert(Pointee && "Cannot initialize null pointer");		assert(Pointee && "Cannot initialize null pointer");
Descriptor *Desc = getFieldDesc();		Descriptor *Desc = getFieldDesc();

assert(Desc);		assert(Desc);
if (Desc->isArray()) {		if (Desc->isArray()) {
if (Desc->isPrimitiveArray() && !Pointee->IsStatic) {		if (Desc->isPrimitiveArray()) {
		// Primitive global arrays don't have an initmap.
		if (isStatic() && Base == 0)
		return;

// Primitive array initializer.		// Primitive array initializer.
InitMap *&Map = getInitMap();		InitMap *&Map = getInitMap();
if (Map == (InitMap *)-1)		if (Map == (InitMap *)-1)
return;		return;
if (Map == nullptr)		if (Map == nullptr)
Map = InitMap::allocate(Desc->getNumElems());		Map = InitMap::allocate(Desc->getNumElems());
if (Map->initialize(getIndex())) {		if (Map->initialize(getIndex())) {
free(Map);		free(Map);
Show All 27 Lines

clang/lib/AST/Interp/Program.h

Show First 20 Lines • Show All 41 Lines • ▼ Show 20 Lines	public:
Program(Context &Ctx) : Ctx(Ctx) {}		Program(Context &Ctx) : Ctx(Ctx) {}

~Program() {		~Program() {
// Records might actually allocate memory themselves, but they		// Records might actually allocate memory themselves, but they
// are allocated using a BumpPtrAllocator. Call their desctructors		// are allocated using a BumpPtrAllocator. Call their desctructors
// here manually so they are properly freeing their resources.		// here manually so they are properly freeing their resources.
for (auto RecordPair : Records)		for (auto RecordPair : Records)
RecordPair.second->~Record();		RecordPair.second->~Record();

		// Manually destroy all the blocks. They are almost all harmless,
		// but primitive arrays might have an InitMap* heap allocated and
		// that needs to be freed.
		for (Global *G : Globals) {
		G->block()->invokeDtor();
		}
		antondaubertUnsubmitted Not Done Reply Inline Actions Seems like this change generates a use-of-uninitialized-value lib/AST/Interp/Descriptor.cpp:150:22 in dtorRecord(clang::interp::Block, char, clang::interp::Descriptor) when executing the test test/AST/Interp/arrays.cpp with a memory sanitizer. antondaubert:* Seems like this change generates a ``` use-of-uninitialized-value lib/AST/Interp/Descriptor.
		tbaederAuthorUnsubmitted Done Reply Inline Actions Should be fixed by https://github.com/llvm/llvm-project/commit/da4b929da79f4ce886f5612e3c84d29c1d2632f7 tbaeder: Should be fixed by https://github.com/llvm/llvm-project/commit/da4b929da79f4ce886f5612e3c84d29c…
}		}

/// Marshals a native pointer to an ID for embedding in bytecode.		/// Marshals a native pointer to an ID for embedding in bytecode.
unsigned getOrCreateNativePointer(const void *Ptr);		unsigned getOrCreateNativePointer(const void *Ptr);

/// Returns the value of a marshalled native pointer.		/// Returns the value of a marshalled native pointer.
const void *getNativePointer(unsigned Idx);		const void *getNativePointer(unsigned Idx);

▲ Show 20 Lines • Show All 176 Lines • Show Last 20 Lines

clang/lib/AST/Interp/Program.cpp

Show First 20 Lines • Show All 58 Lines • ▼ Show 20 Lines	Descriptor *Desc = allocateDescriptor(S, CharType, S->getLength() + 1,
/isMutable=/false);		/isMutable=/false);

// Allocate storage for the string.		// Allocate storage for the string.
// The byte length does not include the null terminator.		// The byte length does not include the null terminator.
unsigned I = Globals.size();		unsigned I = Globals.size();
unsigned Sz = Desc->getAllocSize();		unsigned Sz = Desc->getAllocSize();
auto G = new (Allocator, Sz) Global(Desc, /isStatic=*/true,		auto G = new (Allocator, Sz) Global(Desc, /isStatic=*/true,
/isExtern=/false);		/isExtern=/false);
		G->block()->invokeCtor();
Globals.push_back(G);		Globals.push_back(G);

// Construct the string in storage.		// Construct the string in storage.
const Pointer Ptr(G->block());		const Pointer Ptr(G->block());
for (unsigned I = 0, N = S->getLength(); I <= N; ++I) {		for (unsigned I = 0, N = S->getLength(); I <= N; ++I) {
Pointer Field = Ptr.atIndex(I).narrow();		Pointer Field = Ptr.atIndex(I).narrow();
const uint32_t CodePoint = I == N ? 0 : S->getCodeUnit(I);		const uint32_t CodePoint = I == N ? 0 : S->getCodeUnit(I);
switch (CharType) {		switch (CharType) {
▲ Show 20 Lines • Show All 295 Lines • Show Last 20 Lines