This is an archive of the discontinued LLVM Phabricator instance.

Differential D138275

[clang][Interp] Avoid leaking init maps of local primitive arrays
AbandonedPublic

Authored by tbaeder on Nov 18 2022, 2:39 AM.

Details

Reviewers
aaron.ballman
erichkeane
tahonermann
shafik
Summary

This shows up when the interpretation is interrupted, in this case because we're reading an uninitialized value, and so we don't get to the destroy instruction for the scope.

This adds a destroyAll() that calls deallocates all the local variables of all the scopes in the function. This works, but I was wondering if it should instead be a cleanupLeftovers() that's only used by the caller _if_ the interpretation wasn't successful.

Diff Detail

Event Timeline

tbaeder created this revision.Nov 18 2022, 2:39 AM
Herald added a project: Restricted Project. · View Herald TranscriptNov 18 2022, 2:39 AM
tbaeder requested review of this revision.Nov 18 2022, 2:39 AM
Herald added a project: Restricted Project. · View Herald TranscriptNov 18 2022, 2:39 AM
Herald added a subscriber: cfe-commits. · View Herald Transcript
Harbormaster completed remote builds in B198414: Diff 476395.Nov 18 2022, 2:40 AM
tbaeder updated this revision to Diff 478598.Nov 29 2022, 7:53 AM
Harbormaster completed remote builds in B200036: Diff 478598.Nov 29 2022, 7:54 AM
erichkeane added a comment.Nov 29 2022, 7:57 AM

This is REALLY making me concerned again about ownership semantics in the interpreter. I don't have any real concerns with this patch-as-is, but I DO have concerns with the architecture that makes something like this necessary.

shafik added a comment.Jan 23 2023, 9:10 PM

This looks good to me but I am wondering how "interpretation is interrupted" can happen.

tbaeder added a comment.Jan 23 2023, 9:25 PM

It's interrupted whenever one of the emitXXX() functions returns false, or when one of the function in Interp.h returns false, e.g. when trying to read from a null pointer.

tbaeder added a comment.Feb 28 2023, 5:40 AM

Ping

aaron.ballman added a comment.Mar 1 2023, 12:17 PM

Generally LGTM though I had a suggestion that might help some of Erich's concerns. FWIW, I share his concerns about memory ownership in the interpreter becoming convoluted

clang/lib/AST/Interp/InterpFrame.h
51–53

Rather than allow anyone with access to the function to call it, would it make sense to put the functionality directly in the destructor? It's not a huge amount of code, and it reduces the cognitive overhead of figuring out who can destroy what.

tbaeder abandoned this revision.Mar 15 2023, 9:32 AM

Abandoning this since the approach is not feasible anymore with https://reviews.llvm.org/D145545

Revision Contents

PathSize
clang/
lib/
AST/
Interp/
5 lines
11 lines
5 lines
12 lines
test/
AST/
Interp/
12 lines

Diff 478598

clang/lib/AST/Interp/InterpFrame.h

Show First 20 LinesShow All 41 Lines▼ Show 20 Linespublic:
InterpFrame(InterpState &S, const Function *Func, CodePtr RetPC); InterpFrame(InterpState &S, const Function *Func, CodePtr RetPC);
/// Destroys the frame, killing all live pointers to stack slots. /// Destroys the frame, killing all live pointers to stack slots.
~InterpFrame(); ~InterpFrame();
/// Invokes the destructors for a scope. /// Invokes the destructors for a scope.
void destroy(unsigned Idx); void destroy(unsigned Idx);
/// Invokes the destructors for all scopes. This is used in the
/// InterpFrame destructor to avoid memory leaks in case the
/// interpretation was not successful.
void destroyAll();
aaron.ballmanUnsubmitted
Not Done
ReplyInline Actions

Rather than allow anyone with access to the function to call it, would it make sense to put the functionality directly in the destructor? It's not a huge amount of code, and it reduces the cognitive overhead of figuring out who can destroy what.

aaron.ballman: Rather than allow anyone with access to the function to call it, would it make sense to put the…
/// Pops the arguments off the stack. /// Pops the arguments off the stack.
void popArgs(); void popArgs();
/// Describes the frame with arguments for diagnostic purposes. /// Describes the frame with arguments for diagnostic purposes.
void describe(llvm::raw_ostream &OS) override; void describe(llvm::raw_ostream &OS) override;
/// Returns the parent frame object. /// Returns the parent frame object.
Frame *getCaller() const override; Frame *getCaller() const override;
▲ Show 20 LinesShow All 114 LinesShow Last 20 Lines

clang/lib/AST/Interp/InterpFrame.cpp

Show First 20 LinesShow All 58 Lines▼ Show 20 Lines if (Func->hasThisPointer()) {
if (Func->hasRVO()) if (Func->hasRVO())
This = stackRef<Pointer>(sizeof(Pointer)); This = stackRef<Pointer>(sizeof(Pointer));
else else
This = stackRef<Pointer>(0); This = stackRef<Pointer>(0);
} }
} }
InterpFrame::~InterpFrame() { InterpFrame::~InterpFrame() {
destroyAll();
for (auto &Param : Params) for (auto &Param : Params)
S.deallocate(reinterpret_cast<Block *>(Param.second.get())); S.deallocate(reinterpret_cast<Block *>(Param.second.get()));
} }
void InterpFrame::destroy(unsigned Idx) { void InterpFrame::destroy(unsigned Idx) {
for (auto &Local : Func->getScope(Idx).locals()) { for (auto &Local : Func->getScope(Idx).locals()) {
S.deallocate(reinterpret_cast<Block *>(localBlock(Local.Offset))); S.deallocate(reinterpret_cast<Block *>(localBlock(Local.Offset)));
} }
} }
void InterpFrame::destroyAll() {
if (!Func)
return;
for (const Scope &Sc : Func->scopes()) {
for (auto &Local : Sc.locals()) {
S.destroy(reinterpret_cast<Block *>(localBlock(Local.Offset)));
}
}
}
void InterpFrame::popArgs() { void InterpFrame::popArgs() {
for (PrimType Ty : Func->args_reverse()) for (PrimType Ty : Func->args_reverse())
TYPE_SWITCH(Ty, S.Stk.discard<T>()); TYPE_SWITCH(Ty, S.Stk.discard<T>());
} }
template <typename T> template <typename T>
static void print(llvm::raw_ostream &OS, const T &V, ASTContext &, QualType) { static void print(llvm::raw_ostream &OS, const T &V, ASTContext &, QualType) {
OS << V; OS << V;
▲ Show 20 LinesShow All 134 LinesShow Last 20 Lines

clang/lib/AST/Interp/InterpState.h

Show First 20 LinesShow All 72 Lines▼ Show 20 Linespublic:
void setFoldFailureDiagnostic(bool Flag) override { void setFoldFailureDiagnostic(bool Flag) override {
Parent.setFoldFailureDiagnostic(Flag); Parent.setFoldFailureDiagnostic(Flag);
} }
bool hasPriorDiagnostic() override { return Parent.hasPriorDiagnostic(); } bool hasPriorDiagnostic() override { return Parent.hasPriorDiagnostic(); }
/// Reports overflow and return true if evaluation should continue. /// Reports overflow and return true if evaluation should continue.
bool reportOverflow(const Expr *E, const llvm::APSInt &Value); bool reportOverflow(const Expr *E, const llvm::APSInt &Value);
/// Deallocates a pointer. /// Deallocates a block.
void deallocate(Block *B); void deallocate(Block *B);
/// Destroys a block, used during tear down.
void destroy(Block *B);
/// Delegates source mapping to the mapper. /// Delegates source mapping to the mapper.
SourceInfo getSource(const Function *F, CodePtr PC) const override { SourceInfo getSource(const Function *F, CodePtr PC) const override {
return M ? M->getSource(F, PC) : F->getSource(PC); return M ? M->getSource(F, PC) : F->getSource(PC);
} }
private: private:
/// AST Walker state. /// AST Walker state.
State &Parent; State &Parent;
Show All 22 Lines

clang/lib/AST/Interp/InterpState.cpp

Show First 20 LinesShow All 48 Lines▼ Show 20 Lines
} }
bool InterpState::reportOverflow(const Expr *E, const llvm::APSInt &Value) { bool InterpState::reportOverflow(const Expr *E, const llvm::APSInt &Value) {
QualType Type = E->getType(); QualType Type = E->getType();
CCEDiag(E, diag::note_constexpr_overflow) << Value << Type; CCEDiag(E, diag::note_constexpr_overflow) << Value << Type;
return noteUndefinedBehavior(); return noteUndefinedBehavior();
} }
void InterpState::destroy(Block *B) {
assert(B);
Descriptor *Desc = B->getDescriptor();
assert(Desc);
// Free storage, if necessary.
if (Desc->DtorFn)
Desc->DtorFn(B, B->data(), Desc);
}
void InterpState::deallocate(Block *B) { void InterpState::deallocate(Block *B) {
Descriptor *Desc = B->getDescriptor(); Descriptor *Desc = B->getDescriptor();
if (B->hasPointers()) { if (B->hasPointers()) {
size_t Size = B->getSize(); size_t Size = B->getSize();
// Allocate a new block, transferring over pointers. // Allocate a new block, transferring over pointers.
char *Memory = reinterpret_cast<char *>(malloc(sizeof(DeadBlock) + Size)); char *Memory = reinterpret_cast<char *>(malloc(sizeof(DeadBlock) + Size));
auto *D = new (Memory) DeadBlock(DeadBlocks, B); auto *D = new (Memory) DeadBlock(DeadBlocks, B);
// Move data from one block to another. // Move data from one block to another.
if (Desc->MoveFn) if (Desc->MoveFn)
Desc->MoveFn(B, B->data(), D->data(), Desc); Desc->MoveFn(B, B->data(), D->data(), Desc);
} else { } else {
// Free storage, if necessary. // Free storage, if necessary.
if (Desc->DtorFn) destroy(B);
Desc->DtorFn(B, B->data(), Desc);
} }
} }

clang/test/AST/Interp/cxx20.cpp

Show First 20 LinesShow All 298 Lines▼ Show 20 Linesnamespace Destructors {
} }
constexpr int testInc2() { constexpr int testInc2() {
int i = 0; int i = 0;
doInc2(i); doInc2(i);
return i; return i;
} }
static_assert(testInc2() == 1, ""); static_assert(testInc2() == 1, "");
}; };
constexpr int NoLeakHere() {
int abc[2];
abc[0] = 1;
return abc[1]; // expected-note {{read of object outside its lifetime}} \
// ref-note {{read of uninitialized object}}
}
static_assert(NoLeakHere() == 3); // expected-error {{not an integral constant expression}} \
// expected-note {{in call to}} \
// ref-error {{not an integral constant expression}} \
// ref-note {{in call to}}