This is an archive of the discontinued LLVM Phabricator instance.

Differential D143300

[randstruct] Don't allow implicit forward decl to stop struct randomization
ClosedPublic

Authored by void on Feb 3 2023, 3:22 PM.

Details

Reviewers
aaron.ballman
MaskRay
nickdesaulniers
Commits
rGf85a9a6452e8: [randstruct] Don't allow implicit forward decl to stop struct randomization
Summary

If a struct/enum type used in a record doesn't have a forward decl /
def, an implicit one is injected into the struct. This stops clang from
randomizing the structure in some situations---i.e. when the struct
contains only function pointers. So we accept forward decls so they
don't prevent randomization.

Fixes 60349

Diff Detail

Unit TestsFailed

TimeTest
110 msx64 debian > LLVM.CodeGen/MLRegalloc::interactive-mode.ll
120 msx64 debian > LLVM.Transforms/Inline/ML::interactive-mode.ll

Event Timeline

void created this revision.Feb 3 2023, 3:22 PM
Herald added a project: Restricted Project. · View Herald TranscriptFeb 3 2023, 3:22 PM
void requested review of this revision.Feb 3 2023, 3:22 PM
Herald added a project: Restricted Project. · View Herald TranscriptFeb 3 2023, 3:22 PM
Herald added a subscriber: cfe-commits. · View Herald Transcript
MaskRay added a comment.Feb 3 2023, 3:43 PM

The test appears to belong to test/CodeGen instead of test/Sema ? Mixed 8-column and 2-column indentation probably should be unified.

MaskRay added inline comments.Feb 3 2023, 3:45 PM
clang/test/Sema/init-randomized-struct-fwd-decl.c
23 ↗(On Diff #494757)

// CHECK-LABEL: define {{.*}} @t1( is less likely to cause a conflict with other stuff happening to contain t1 as a substring.

Harbormaster completed remote builds in B211818: Diff 494757.Feb 3 2023, 4:01 PM
void updated this revision to Diff 494772.Feb 3 2023, 4:29 PM

Move test and improve checks.

void marked an inline comment as done.Feb 3 2023, 4:29 PM
Harbormaster completed remote builds in B211826: Diff 494772.Feb 3 2023, 5:38 PM
MaskRay added a comment.Feb 4 2023, 1:29 PM

clang/test/CodeGen/init-randomized-struct-fwd-decl.c passes without this patch. Is it correct?

nickdesaulniers added a comment.Feb 6 2023, 9:06 AM
In D143300#4104469, @MaskRay wrote:

clang/test/CodeGen/init-randomized-struct-fwd-decl.c passes without this patch. Is it correct?

Perhaps related to my comment about RecordDecl vs EnumDecl...

or the tests might require a specific randomization seed?

clang/lib/Sema/SemaDecl.cpp
18891

what about EnumDecls? I suspect the shared common base TagDecl might be better to use?

If it is, can you add a test? I'm guessing

struct foo {
  enum havent_seen_yet;
  enum havent_seen_yet2;
}

would be the test case.

void added a comment.Feb 6 2023, 9:53 AM
In D143300#4107132, @nickdesaulniers wrote:
In D143300#4104469, @MaskRay wrote:

clang/test/CodeGen/init-randomized-struct-fwd-decl.c passes without this patch. Is it correct?

Perhaps related to my comment about RecordDecl vs EnumDecl...

or the tests might require a specific randomization seed?

It was a think-o on my part. The __attribute__((randomize_layout)) forces randomization. And yes I need to add a check for EnumDecl. Patch incoming.

void updated this revision to Diff 495194.Feb 6 2023, 9:58 AM

Fix test and add check for EnumDecl.

void added inline comments.Feb 6 2023, 10:00 AM
clang/lib/Sema/SemaDecl.cpp
18891

Would testing for a TagDecl be better here?

nickdesaulniers added inline comments.Feb 6 2023, 10:06 AM
clang/lib/Sema/SemaDecl.cpp
18891

I think so; common shared base and same logic for both cases here. Unless there's something other than RecordDecl and EnumDecl where this shouldn't apply.

nickdesaulniers added inline comments.Feb 6 2023, 10:07 AM
clang/lib/Sema/SemaDecl.cpp
18891

Unless there's something other than RecordDecl and EnumDecl where this shouldn't apply.

The TagDecl constructor is only called from the RecordDecl and EnumDecl constructors. So I think it's simpler to just check TagDecl base type rather than each of the two derived types.

void updated this revision to Diff 495204.Feb 6 2023, 10:17 AM
void marked an inline comment as done.

Use TagDecl.

MaskRay accepted this revision.Feb 6 2023, 10:19 AM
MaskRay added inline comments.
clang/test/CodeGen/init-randomized-struct-fwd-decl.c
24

@t1(

(This helps distinguish @t10 from @t1, if we ever need t10 :) )

This revision is now accepted and ready to land.Feb 6 2023, 10:19 AM
nickdesaulniers added inline comments.Feb 6 2023, 10:37 AM
clang/test/CodeGen/init-randomized-struct-fwd-decl.c
3

Is the second check prefix necessary? The check lines look the same to me, unless I'm missing something.

Removing it should let us also drop the redundant FWD-DECL lines below.

void added inline comments.Feb 6 2023, 11:35 AM
clang/lib/Sema/SemaDecl.cpp
18891

I like that better. Done. :)

clang/test/CodeGen/init-randomized-struct-fwd-decl.c
3

It's there to check that the randomization doesn't change if the forward decl is outside of the structure. However, Windows yet again uses a different algorithm than Linux and generates a different randomized ordering. It's annoying. I can remove this check.

MaskRay added inline comments.Feb 6 2023, 11:57 AM
clang/test/CodeGen/init-randomized-struct-fwd-decl.c
3

Instead of having two RUN lines, you may write both declarations (one using forard-decl, the other doesn't) in the source code. It decreases the number of clang invocations.

void updated this revision to Diff 495237.Feb 6 2023, 12:06 PM

Remove extra line.

nickdesaulniers accepted this revision.Feb 6 2023, 12:47 PM

Thanks for the patch!

This revision was landed with ongoing or failed builds.Feb 6 2023, 2:26 PM
Closed by commit rGf85a9a6452e8: [randstruct] Don't allow implicit forward decl to stop struct randomization (authored by void). · Explain Why
This revision was automatically updated to reflect the committed changes.
void added a commit: rGf85a9a6452e8: [randstruct] Don't allow implicit forward decl to stop struct randomization.
Harbormaster completed remote builds in B212186: Diff 495237.Feb 6 2023, 2:44 PM
haowei added a subscriber: haowei.EditedFeb 6 2023, 4:24 PM

FYI, this patch looks like was pushed into a new "Main" branch instead of the actual "main" branch.:

commit f85a9a6452e8f49f9768d66a86434a88a5891614 (origin/Main)
Author: Bill Wendling <morbo@google.com>
Date:   Mon Feb 6 14:26:16 2023 -0800

    [randstruct] Don't allow implicit forward decl to stop struct randomization

It causes git checkout failures on Windows, see error message:

warning: encountered old-style '/ssl/certs/ca-bundle.crt' that should be '%(prefix)//ssl/certs/ca-bundle.crt'
From https://llvm.googlesource.com/a/llvm-project
 * [new branch]                Main       -> Main
error: cannot lock ref 'refs/heads/main': is at f85a9a6452e8f49f9768d66a86434a88a5891614 but expected abbd256a810a0b0c92dda88a3050fc85cb604a9c
 ! abbd256a810a..14ca2e68ff4c  main       -> main  (unable to update local ref)

Windows use case aware but insensitive filesystem and 2 "main" branches will not work out.
See explanation at https://stackoverflow.com/questions/10068640/git-error-on-git-pull-unable-to-update-local-ref/66832220#66832220
I will attempt deleting the "Main" branch to correct this error.

void added a comment.Feb 6 2023, 10:22 PM
In D143300#4108500, @haowei wrote:

FYI, this patch looks like was pushed into a new "Main" branch instead of the actual "main" branch.:

commit f85a9a6452e8f49f9768d66a86434a88a5891614 (origin/Main)
Author: Bill Wendling <morbo@google.com>
Date:   Mon Feb 6 14:26:16 2023 -0800

    [randstruct] Don't allow implicit forward decl to stop struct randomization

It causes git checkout failures on Windows, see error message:

warning: encountered old-style '/ssl/certs/ca-bundle.crt' that should be '%(prefix)//ssl/certs/ca-bundle.crt'
From https://llvm.googlesource.com/a/llvm-project
 * [new branch]                Main       -> Main
error: cannot lock ref 'refs/heads/main': is at f85a9a6452e8f49f9768d66a86434a88a5891614 but expected abbd256a810a0b0c92dda88a3050fc85cb604a9c
 ! abbd256a810a..14ca2e68ff4c  main       -> main  (unable to update local ref)

Windows use case aware but insensitive filesystem and 2 "main" branches will not work out.
See explanation at https://stackoverflow.com/questions/10068640/git-error-on-git-pull-unable-to-update-local-ref/66832220#66832220
I will attempt deleting the "Main" branch to correct this error.

Sorry about this. I thought I stopped the commit before it finished. :-(

Revision Contents

PathSize
clang/
lib/
Sema/
20 lines
test/
CodeGen/
48 lines

Diff 494772

clang/lib/Sema/SemaDecl.cpp

  • This file is larger than 256 KB, so syntax highlighting is disabled by default.
Show First 20 LinesShow All 18,868 Lines▼ Show 20 Lines if (Record) {
if (!Completed) if (!Completed)
Record->completeDefinition(); Record->completeDefinition();
// Handle attributes before checking the layout. // Handle attributes before checking the layout.
ProcessDeclAttributeList(S, Record, Attrs); ProcessDeclAttributeList(S, Record, Attrs);
// Check to see if a FieldDecl is a pointer to a function. // Check to see if a FieldDecl is a pointer to a function.
auto IsFunctionPointer = [&](const Decl *D) { auto IsFunctionPointerOrForwardDecl = [&](const Decl *D) {
const FieldDecl *FD = dyn_cast<FieldDecl>(D); const FieldDecl *FD = dyn_cast<FieldDecl>(D);
if (!FD) if (!FD) {
// Check whether this is a forward declaration that was inserted by
// Clang. This happens when a non-forward declared / defined type is
// used, e.g.:
//
// struct foo {
// struct bar *(*f)();
// struct bar *(*g)();
// };
//
// "struct bar" shows up in the decl AST as a "RecordDecl" with an
// incomplete definition.
if (const auto *RD = dyn_cast<RecordDecl>(D))
nickdesaulniersUnsubmitted
Not Done
ReplyInline Actions

what about EnumDecls? I suspect the shared common base TagDecl might be better to use?

If it is, can you add a test? I'm guessing

struct foo {
  enum havent_seen_yet;
  enum havent_seen_yet2;
}

would be the test case.

nickdesaulniers: what about `EnumDecl`s? I suspect the shared common base `TagDecl` might be better to use? If…
voidAuthorUnsubmitted
Done
ReplyInline Actions

Would testing for a TagDecl be better here?

void: Would testing for a `TagDecl` be better here?
nickdesaulniersUnsubmitted
Not Done
ReplyInline Actions

I think so; common shared base and same logic for both cases here. Unless there's something other than RecordDecl and EnumDecl where this shouldn't apply.

nickdesaulniers: I think so; common shared base and same logic for both cases here. Unless there's something…
nickdesaulniersUnsubmitted
Done
ReplyInline Actions

Unless there's something other than RecordDecl and EnumDecl where this shouldn't apply.

The TagDecl constructor is only called from the RecordDecl and EnumDecl constructors. So I think it's simpler to just check TagDecl base type rather than each of the two derived types.

nickdesaulniers: > Unless there's something other than RecordDecl and EnumDecl where this shouldn't apply. The…
voidAuthorUnsubmitted
Done
ReplyInline Actions

I like that better. Done. :)

void: I like that better. Done. :)
return !RD->isCompleteDefinition();
return false; return false;
}
QualType FieldType = FD->getType().getDesugaredType(Context); QualType FieldType = FD->getType().getDesugaredType(Context);
if (isa<PointerType>(FieldType)) { if (isa<PointerType>(FieldType)) {
QualType PointeeType = cast<PointerType>(FieldType)->getPointeeType(); QualType PointeeType = cast<PointerType>(FieldType)->getPointeeType();
return PointeeType.getDesugaredType(Context)->isFunctionType(); return PointeeType.getDesugaredType(Context)->isFunctionType();
} }
return false; return false;
}; };
// Maybe randomize the record's decls. We automatically randomize a record // Maybe randomize the record's decls. We automatically randomize a record
// of function pointers, unless it has the "no_randomize_layout" attribute. // of function pointers, unless it has the "no_randomize_layout" attribute.
if (!getLangOpts().CPlusPlus && if (!getLangOpts().CPlusPlus &&
(Record->hasAttr<RandomizeLayoutAttr>() || (Record->hasAttr<RandomizeLayoutAttr>() ||
(!Record->hasAttr<NoRandomizeLayoutAttr>() && (!Record->hasAttr<NoRandomizeLayoutAttr>() &&
llvm::all_of(Record->decls(), IsFunctionPointer))) && llvm::all_of(Record->decls(), IsFunctionPointerOrForwardDecl))) &&
!Record->isUnion() && !getLangOpts().RandstructSeed.empty() && !Record->isUnion() && !getLangOpts().RandstructSeed.empty() &&
!Record->isRandomized()) { !Record->isRandomized()) {
SmallVector<Decl *, 32> NewDeclOrdering; SmallVector<Decl *, 32> NewDeclOrdering;
if (randstruct::randomizeStructureLayout(Context, Record, if (randstruct::randomizeStructureLayout(Context, Record,
NewDeclOrdering)) NewDeclOrdering))
Record->reorderDecls(NewDeclOrdering); Record->reorderDecls(NewDeclOrdering);
} }
▲ Show 20 LinesShow All 1,041 LinesShow Last 20 Lines

clang/test/CodeGen/init-randomized-struct-fwd-decl.c

  • This file was added.
// RUN: %clang_cc1 -triple=x86_64-unknown-linux -emit-llvm -frandomize-layout-seed=1234567890abcdef < %s | FileCheck %s
// RUN: %clang_cc1 -triple=x86_64-unknown-linux -emit-llvm -frandomize-layout-seed=1234567890abcdef -DFORWARD_DECL < %s | FileCheck -check-prefix=FWD-DECL %s
// PR60349
nickdesaulniersUnsubmitted
Not Done
ReplyInline Actions

Is the second check prefix necessary? The check lines look the same to me, unless I'm missing something.

Removing it should let us also drop the redundant FWD-DECL lines below.

nickdesaulniers: Is the second check prefix necessary? The check lines look the same to me, unless I'm missing…
voidAuthorUnsubmitted
Done
ReplyInline Actions

It's there to check that the randomization doesn't change if the forward decl is outside of the structure. However, Windows yet again uses a different algorithm than Linux and generates a different randomized ordering. It's annoying. I can remove this check.

void: It's there to check that the randomization doesn't change if the forward decl is outside of the…
MaskRayUnsubmitted
Not Done
ReplyInline Actions

Instead of having two RUN lines, you may write both declarations (one using forard-decl, the other doesn't) in the source code. It decreases the number of clang invocations.

MaskRay: Instead of having two RUN lines, you may write both declarations (one using forard-decl, the…
// Clang will add a forward declaration of "struct bar" and "enum qux" to the
// structures. This shouldn't prevent these structures from being randomized.
// So the 'f' element shouldn't be at the start of the structure anymore.
#ifdef FORWARD_DECL
struct bar;
enum qux;
#endif
struct foo {
struct bar *(*f)(void);
struct bar *(*g)(void);
struct bar *(*h)(void);
struct bar *(*i)(void);
struct bar *(*j)(void);
struct bar *(*k)(void);
} __attribute__((randomize_layout));
// CHECK-LABEL: define {{.*}}@t1
// CHECK: getelementptr inbounds %struct.foo, ptr %0, i32 0, i32 2
MaskRayUnsubmitted
Not Done
ReplyInline Actions

@t1(

(This helps distinguish @t10 from @t1, if we ever need t10 :) )

MaskRay: `@t1(` (This helps distinguish `@t10` from `@t1`, if we ever need `t10` :) )
// FWD-DECL-LABEL: define {{.*}}@t1
// FWD-DECL: getelementptr inbounds %struct.foo, ptr %0, i32 0, i32 2
struct bar *t1(struct foo *z) {
return z->f();
}
struct baz {
enum qux *(*f)(void);
enum qux *(*g)(void);
enum qux *(*h)(void);
enum qux *(*i)(void);
enum qux *(*j)(void);
enum qux *(*k)(void);
} __attribute__((randomize_layout));
// CHECK-LABEL: define {{.*}}@t2
// CHECK: getelementptr inbounds %struct.baz, ptr %0, i32 0, i32 4
// FWD-DECL-LABEL: define {{.*}}@t2
// FWD-DECL: getelementptr inbounds %struct.baz, ptr %0, i32 0, i32 4
enum qux *t2(struct baz *z) {
return z->f();
}