This is an archive of the discontinued LLVM Phabricator instance.

Differential D149013

[clang][Interp] Check pointers when accessing base class
Needs RevisionPublic

Authored by tbaeder on Apr 23 2023, 1:19 AM.

Details

Reviewers
aaron.ballman
erichkeane
tahonermann
shafik

Diff Detail

Event Timeline

tbaeder created this revision.Apr 23 2023, 1:19 AM
Herald added a project: Restricted Project. · View Herald TranscriptApr 23 2023, 1:19 AM
tbaeder requested review of this revision.Apr 23 2023, 1:19 AM
Herald added a project: Restricted Project. · View Herald TranscriptApr 23 2023, 1:19 AM
Herald added a subscriber: cfe-commits. · View Herald Transcript
Harbormaster completed remote builds in B227501: Diff 516130.Apr 23 2023, 1:20 AM
tbaeder added a comment.May 1 2023, 6:42 AM

Ping

aaron.ballman accepted this revision.May 2 2023, 1:44 PM

LGTM

This revision is now accepted and ready to land.May 2 2023, 1:44 PM
aaron.ballman requested changes to this revision.May 2 2023, 1:54 PM
aaron.ballman added inline comments.
clang/test/AST/Interp/records.cpp
509–512

I may have jumped the gun on accepting this, actually. Forming the pointer to &b + 1 is fine, but evaluating it by dereferencing it would be UB. e.g., http://eel.is/c++draft/expr.const#13.3

This revision now requires changes to proceed.May 2 2023, 1:54 PM
cor3ntin added a subscriber: cor3ntin.May 2 2023, 1:57 PM
cor3ntin added inline comments.
clang/test/AST/Interp/records.cpp
509–512

We probably want tests that ensure &b+2 is invalid in all cases

tbaeder added inline comments.May 2 2023, 11:09 PM
clang/test/AST/Interp/records.cpp
509–512

It's being evaluated because the base class is accessed, isn't it? if b was of type A*, we would not emit a diagnostic (see line 506 above).

aaron.ballman added subscribers: hubert.reinterpretcast, rsmith.May 3 2023, 5:12 AM
aaron.ballman added inline comments.
clang/test/AST/Interp/records.cpp
509–512

I'm not seeing the access to the base class -- we're forming a pointer, not dereferencing it.

https://godbolt.org/z/vxThqczeo

I think this is an existing Clang bug. CC @hubert.reinterpretcast @rsmith for additional opinions.

tbaeder added a comment.May 30 2023, 3:19 AM

Ping

tbaeder added a comment.Jul 11 2023, 2:59 AM

Ping

tbaeder added a comment.Jul 23 2023, 12:40 AM

Ping

tbaeder added a comment.Jul 31 2023, 12:21 AM

Ping

tbaeder added a comment.Aug 10 2023, 5:07 AM

Ping

cor3ntin added inline comments.Aug 10 2023, 6:21 AM
clang/test/AST/Interp/records.cpp
509–512

I believe this is fine, or at least i can't find any wording that would say it's not.

In particular:

So i do believe GCC, MSVC and ICC are correct here.

Revision Contents

PathSize
clang/
lib/
AST/
Interp/
7 lines
9 lines
test/
AST/
Interp/
15 lines

Diff 516130

clang/lib/AST/Interp/Interp.h

Show First 20 LinesShow All 61 Lines▼ Show 20 Lines
/// Checks if a pointer is in range. /// Checks if a pointer is in range.
bool CheckRange(InterpState &S, CodePtr OpPC, const Pointer &Ptr, bool CheckRange(InterpState &S, CodePtr OpPC, const Pointer &Ptr,
AccessKinds AK); AccessKinds AK);
/// Checks if a field from which a pointer is going to be derived is valid. /// Checks if a field from which a pointer is going to be derived is valid.
bool CheckRange(InterpState &S, CodePtr OpPC, const Pointer &Ptr, bool CheckRange(InterpState &S, CodePtr OpPC, const Pointer &Ptr,
CheckSubobjectKind CSK); CheckSubobjectKind CSK);
/// Checks if accessing a base of the given pointer is valid.
bool CheckBase(InterpState &S, CodePtr OpPC, const Pointer &Ptr);
/// Checks if a pointer points to const storage. /// Checks if a pointer points to const storage.
bool CheckConst(InterpState &S, CodePtr OpPC, const Pointer &Ptr); bool CheckConst(InterpState &S, CodePtr OpPC, const Pointer &Ptr);
/// Checks if a pointer points to a mutable field. /// Checks if a pointer points to a mutable field.
bool CheckMutable(InterpState &S, CodePtr OpPC, const Pointer &Ptr); bool CheckMutable(InterpState &S, CodePtr OpPC, const Pointer &Ptr);
/// Checks if a value can be loaded from a block. /// Checks if a value can be loaded from a block.
bool CheckLoad(InterpState &S, CodePtr OpPC, const Pointer &Ptr); bool CheckLoad(InterpState &S, CodePtr OpPC, const Pointer &Ptr);
▲ Show 20 LinesShow All 996 Lines▼ Show 20 Lines if (S.checkingPotentialConstantExpression())
S.Stk.push<Pointer>(std::move(Field)); S.Stk.push<Pointer>(std::move(Field));
return true; return true;
} }
inline bool GetPtrBase(InterpState &S, CodePtr OpPC, uint32_t Off) { inline bool GetPtrBase(InterpState &S, CodePtr OpPC, uint32_t Off) {
const Pointer &Ptr = S.Stk.peek<Pointer>(); const Pointer &Ptr = S.Stk.peek<Pointer>();
if (!CheckNull(S, OpPC, Ptr, CSK_Base)) if (!CheckNull(S, OpPC, Ptr, CSK_Base))
return false; return false;
if (!CheckBase(S, OpPC, Ptr))
return false;
S.Stk.push<Pointer>(Ptr.atField(Off)); S.Stk.push<Pointer>(Ptr.atField(Off));
return true; return true;
} }
inline bool GetPtrBasePop(InterpState &S, CodePtr OpPC, uint32_t Off) { inline bool GetPtrBasePop(InterpState &S, CodePtr OpPC, uint32_t Off) {
const Pointer &Ptr = S.Stk.pop<Pointer>(); const Pointer &Ptr = S.Stk.pop<Pointer>();
if (!CheckNull(S, OpPC, Ptr, CSK_Base)) if (!CheckNull(S, OpPC, Ptr, CSK_Base))
return false; return false;
if (!CheckBase(S, OpPC, Ptr))
return false;
S.Stk.push<Pointer>(Ptr.atField(Off)); S.Stk.push<Pointer>(Ptr.atField(Off));
return true; return true;
} }
inline bool GetPtrThisBase(InterpState &S, CodePtr OpPC, uint32_t Off) { inline bool GetPtrThisBase(InterpState &S, CodePtr OpPC, uint32_t Off) {
if (S.checkingPotentialConstantExpression()) if (S.checkingPotentialConstantExpression())
return false; return false;
const Pointer &This = S.Current->getThis(); const Pointer &This = S.Current->getThis();
▲ Show 20 LinesShow All 652 LinesShow Last 20 Lines

clang/lib/AST/Interp/Interp.cpp

Show First 20 LinesShow All 205 Lines▼ Show 20 Linesbool CheckRange(InterpState &S, CodePtr OpPC, const Pointer &Ptr,
CheckSubobjectKind CSK) { CheckSubobjectKind CSK) {
if (!Ptr.isElementPastEnd()) if (!Ptr.isElementPastEnd())
return true; return true;
const SourceInfo &Loc = S.Current->getSource(OpPC); const SourceInfo &Loc = S.Current->getSource(OpPC);
S.FFDiag(Loc, diag::note_constexpr_past_end_subobject) << CSK; S.FFDiag(Loc, diag::note_constexpr_past_end_subobject) << CSK;
return false; return false;
} }
bool CheckBase(InterpState &S, CodePtr OpPC, const Pointer &Ptr) {
if (!Ptr.isOnePastEnd())
return true;
const SourceInfo &Loc = S.Current->getSource(OpPC);
S.FFDiag(Loc, diag::note_constexpr_past_end_subobject) << CSK_Base;
return false;
}
bool CheckConst(InterpState &S, CodePtr OpPC, const Pointer &Ptr) { bool CheckConst(InterpState &S, CodePtr OpPC, const Pointer &Ptr) {
assert(Ptr.isLive() && "Pointer is not live"); assert(Ptr.isLive() && "Pointer is not live");
if (!Ptr.isConst()) if (!Ptr.isConst())
return true; return true;
// The This pointer is writable in constructors and destructors, // The This pointer is writable in constructors and destructors,
// even if isConst() returns true. // even if isConst() returns true.
if (const Function *Func = S.Current->getFunction(); if (const Function *Func = S.Current->getFunction();
▲ Show 20 LinesShow All 324 LinesShow Last 20 Lines

clang/test/AST/Interp/records.cpp

Show First 20 LinesShow All 491 Lines▼ Show 20 Linesnamespace DeclRefs {
/// FIXME: The following two lines don't work because we don't get the /// FIXME: The following two lines don't work because we don't get the
/// pointers on the LHS correct. They make us run into an assertion /// pointers on the LHS correct. They make us run into an assertion
/// in CheckEvaluationResult. However, this may just be caused by the /// in CheckEvaluationResult. However, this may just be caused by the
/// problems in the previous examples. /// problems in the previous examples.
//static_assert(b.a.m == 100, ""); //static_assert(b.a.m == 100, "");
//static_assert(b.a.f == 100, ""); //static_assert(b.a.f == 100, "");
} }
namespace PointerArith {
struct A {};
struct B : A { int n; };
B b = {};
constexpr A *a1 = &b;
constexpr B *b1 = &b + 1;
constexpr B *b2 = &b + 0;
constexpr A *a2 = &b + 1; // expected-error {{must be initialized by a constant expression}} \
// expected-note {{cannot access base class of pointer past the end of object}} \
// ref-error {{must be initialized by a constant expression}} \
// ref-note {{cannot access base class of pointer past the end of object}}
aaron.ballmanUnsubmitted
Not Done
ReplyInline Actions

I may have jumped the gun on accepting this, actually. Forming the pointer to &b + 1 is fine, but evaluating it by dereferencing it would be UB. e.g., http://eel.is/c++draft/expr.const#13.3

aaron.ballman: I may have jumped the gun on accepting this, actually. Forming the pointer to `&b + 1` is fine…
cor3ntinUnsubmitted
Not Done
ReplyInline Actions

We probably want tests that ensure &b+2 is invalid in all cases

cor3ntin: We probably want tests that ensure `&b+2` is invalid in all cases
tbaederAuthorUnsubmitted
Done
ReplyInline Actions

It's being evaluated because the base class is accessed, isn't it? if b was of type A*, we would not emit a diagnostic (see line 506 above).

tbaeder: It's being evaluated because the base class is accessed, isn't it? if `b` was of type `A*`, we…
aaron.ballmanUnsubmitted
Not Done
ReplyInline Actions

I'm not seeing the access to the base class -- we're forming a pointer, not dereferencing it.

https://godbolt.org/z/vxThqczeo

I think this is an existing Clang bug. CC @hubert.reinterpretcast @rsmith for additional opinions.

aaron.ballman: I'm not seeing the access to the base class -- we're forming a pointer, not dereferencing it.
cor3ntinUnsubmitted
Not Done
ReplyInline Actions

I believe this is fine, or at least i can't find any wording that would say it's not.

In particular:

So i do believe GCC, MSVC and ICC are correct here.

cor3ntin: I believe this is fine, or at least i can't find any wording that would say it's not. In…
}
#if __cplusplus >= 202002L #if __cplusplus >= 202002L
namespace VirtualCalls { namespace VirtualCalls {
namespace Obvious { namespace Obvious {
class A { class A {
public: public:
constexpr A(){} constexpr A(){}
constexpr virtual int foo() { constexpr virtual int foo() {
▲ Show 20 LinesShow All 218 LinesShow Last 20 Lines