This is an archive of the discontinued LLVM Phabricator instance.

Paths

Table of Contentst

-
clang/
-
lib/Sema/
-
Sema/
3/3
SemaDeclAttr.cpp
-
test/Sema/
-
Sema/
1/1
attr-aligned.c

Differential D152335

[Clang] Add check to Sema::AddAlignedAttr to verify active bits is not out of range
ClosedPublic

Authored by shafik on Jun 6 2023, 8:04 PM.

Download Raw Diff

Details

Reviewers

aaron.ballman
erichkeane

Commits

rG086183c6c65f: [Clang] Add check to Sema::AddAlignedAttr to verify active bits is not out of…

Summary

If we provide too large a value for the alignment attribute APInt::getZExtValue() will assert. This PR adds a active bits check and folds it into the MaximumAlignment check.

This fixes: https://github.com/llvm/llvm-project/issues/50534

Diff Detail

Event Timeline

shafik created this revision.Jun 6 2023, 8:04 PM

Herald added a project: Restricted Project. · View Herald TranscriptJun 6 2023, 8:04 PM

shafik requested review of this revision.Jun 6 2023, 8:04 PM

Harbormaster completed remote builds in B237158: Diff 529141.Jun 6 2023, 10:55 PM

erichkeane added inline comments.Jun 7 2023, 6:28 AM

clang/lib/Sema/SemaDeclAttr.cpp
4498–4499	What is the purpose of using 'ActiveBits' here? Why is this not a sub-set of the operator `>` from below? That is, 'ActiveBits' allows for 0xFF when the 'MaxValue' is 0x80 (top bit set), but the operator > would have caught that anyway, right? Also, how does 'ActiveBits' work with negative numbers?

erichkeane added inline comments.Jun 7 2023, 6:40 AM

clang/lib/Sema/SemaDeclAttr.cpp
4502	So looking more closely, THIS is the problem right here. I think we probably should just be storing `MaximumAlignment` and `AlignVal` as an llvm::APInt and just do the comparison on `APInt`, rather than try to be tricky with the bits here. Basically, don't extract the 'Alignment' from the `APInt` until after the test for >.

aaron.ballman added inline comments.Jun 7 2023, 9:27 AM

clang/lib/Sema/SemaDeclAttr.cpp
4502	You're correct that this is the cause of the assertion, which happens when `Alignment` can't fit in a `uint64_t`. It took me a minute to see what you meant, but I agree, we can test whether `Alignment < MaximumAlignment` and rely on the fact that `MaximumAlignment` will be representable in a 64-bit integer. I think I led @shafik astray with a comment I made on the issue.

Switched to using APSInt::operator> as discussed offline w/ Erich and Aaron

shafik marked an inline comment as done.Jun 7 2023, 12:05 PM

shafik added inline comments.

clang/test/Sema/attr-aligned.c
1	The previous triple did not support `__int128_t`

Needs a release note. Also, the changing of order is POSSIBLY a change in behavior (in that we're now diagnosing 'out of range' before 'power of 2'), but I don't think we care.

This revision is now accepted and ready to land.Jun 7 2023, 12:09 PM

LGTM with a release note.

In D152335#4404114, @erichkeane wrote:

Needs a release note. Also, the changing of order is POSSIBLY a change in behavior (in that we're now diagnosing 'out of range' before 'power of 2'), but I don't think we care.

I don't consider that a behavioral change to be worried about. Telling the user "this value is too big" before telling them "it's not a power of two" seems equivalent or perhaps slightly better than "this is not a power of two" and then "oh, and it's too big."

In D152335#4404118, @aaron.ballman wrote:

LGTM with a release note.

In D152335#4404114, @erichkeane wrote:

Needs a release note. Also, the changing of order is POSSIBLY a change in behavior (in that we're now diagnosing 'out of range' before 'power of 2'), but I don't think we care.

I don't consider that a behavioral change to be worried about. Telling the user "this value is too big" before telling them "it's not a power of two" seems equivalent or perhaps slightly better than "this is not a power of two" and then "oh, and it's too big."

Well, its telling them "this value is too big" instead of "its not a power of two" rather than the other way around. But yeah, i don't think I care? I'm a little frightened there is no test that fails because of this, but not surprised.

Harbormaster completed remote builds in B237340: Diff 529396.Jun 7 2023, 12:55 PM

Add release note

Harbormaster completed remote builds in B237577: Diff 529714.Jun 8 2023, 1:45 PM

erichkeane accepted this revision.Jun 8 2023, 1:47 PM

This revision was landed with ongoing or failed builds.Jun 8 2023, 1:54 PM

Closed by commit rG086183c6c65f: [Clang] Add check to Sema::AddAlignedAttr to verify active bits is not out of… (authored by shafik). · Explain Why

This revision was automatically updated to reflect the committed changes.

shafik added a commit: rG086183c6c65f: [Clang] Add check to Sema::AddAlignedAttr to verify active bits is not out of….

Herald added a project: Restricted Project. · View Herald TranscriptJun 8 2023, 1:54 PM

Revision Contents

Path

Size

clang/

lib/

Sema/

SemaDeclAttr.cpp

18 lines

test/

Sema/

attr-aligned.c

4 lines

Diff 529396

clang/lib/Sema/SemaDeclAttr.cpp

This file is larger than 256 KB, so syntax highlighting is disabled by default.

Show First 20 Lines • Show All 4,467 Lines • ▼ Show 20 Lines	void Sema::AddAlignedAttr(Decl D, const AttributeCommonInfo &CI, Expr E,

// FIXME: Cache the number on the AL object?		// FIXME: Cache the number on the AL object?
llvm::APSInt Alignment;		llvm::APSInt Alignment;
ExprResult ICE = VerifyIntegerConstantExpression(		ExprResult ICE = VerifyIntegerConstantExpression(
E, &Alignment, diag::err_aligned_attribute_argument_not_int);		E, &Alignment, diag::err_aligned_attribute_argument_not_int);
if (ICE.isInvalid())		if (ICE.isInvalid())
return;		return;

		uint64_t MaximumAlignment = Sema::MaximumAlignment;
		if (Context.getTargetInfo().getTriple().isOSBinFormatCOFF())
		MaximumAlignment = std::min(MaximumAlignment, uint64_t(8192));
		if (Alignment > MaximumAlignment) {
		Diag(AttrLoc, diag::err_attribute_aligned_too_great)
		<< MaximumAlignment << E->getSourceRange();
		return;
		}

uint64_t AlignVal = Alignment.getZExtValue();		uint64_t AlignVal = Alignment.getZExtValue();
// C++11 [dcl.align]p2:		// C++11 [dcl.align]p2:
// -- if the constant expression evaluates to zero, the alignment		// -- if the constant expression evaluates to zero, the alignment
// specifier shall have no effect		// specifier shall have no effect
// C11 6.7.5p6:		// C11 6.7.5p6:
// An alignment specification of zero has no effect.		// An alignment specification of zero has no effect.
if (!(TmpAttr.isAlignas() && !Alignment)) {		if (!(TmpAttr.isAlignas() && !Alignment)) {
if (!llvm::isPowerOf2_64(AlignVal)) {		if (!llvm::isPowerOf2_64(AlignVal)) {
Diag(AttrLoc, diag::err_alignment_not_power_of_two)		Diag(AttrLoc, diag::err_alignment_not_power_of_two)
<< E->getSourceRange();		<< E->getSourceRange();
return;		return;
}		}
}		}

uint64_t MaximumAlignment = Sema::MaximumAlignment;
if (Context.getTargetInfo().getTriple().isOSBinFormatCOFF())
MaximumAlignment = std::min(MaximumAlignment, uint64_t(8192));
if (AlignVal > MaximumAlignment) {
Diag(AttrLoc, diag::err_attribute_aligned_too_great)
<< MaximumAlignment << E->getSourceRange();
return;
}

const auto *VD = dyn_cast<VarDecl>(D);		const auto *VD = dyn_cast<VarDecl>(D);
		erichkeaneUnsubmitted Done Reply Inline Actions What is the purpose of using 'ActiveBits' here? Why is this not a sub-set of the operator `>` from below? That is, 'ActiveBits' allows for 0xFF when the 'MaxValue' is 0x80 (top bit set), but the operator > would have caught that anyway, right? Also, how does 'ActiveBits' work with negative numbers? erichkeane: What is the purpose of using 'ActiveBits' here? Why is this not a sub-set of the operator `>`…
if (VD) {		if (VD) {
unsigned MaxTLSAlign =		unsigned MaxTLSAlign =
Context.toCharUnitsFromBits(Context.getTargetInfo().getMaxTLSAlign())		Context.toCharUnitsFromBits(Context.getTargetInfo().getMaxTLSAlign())
		erichkeaneUnsubmitted Done Reply Inline Actions So looking more closely, THIS is the problem right here. I think we probably should just be storing `MaximumAlignment` and `AlignVal` as an llvm::APInt and just do the comparison on `APInt`, rather than try to be tricky with the bits here. Basically, don't extract the 'Alignment' from the `APInt` until after the test for >. erichkeane: So looking more closely, THIS is the problem right here. I think we probably should just be…
		aaron.ballmanUnsubmitted Done Reply Inline Actions You're correct that this is the cause of the assertion, which happens when `Alignment` can't fit in a `uint64_t`. It took me a minute to see what you meant, but I agree, we can test whether `Alignment < MaximumAlignment` and rely on the fact that `MaximumAlignment` will be representable in a 64-bit integer. I think I led @shafik astray with a comment I made on the issue. aaron.ballman: You're correct that this is the cause of the assertion, which happens when `Alignment` can't…
.getQuantity();		.getQuantity();
if (MaxTLSAlign && AlignVal > MaxTLSAlign &&		if (MaxTLSAlign && AlignVal > MaxTLSAlign &&
VD->getTLSKind() != VarDecl::TLS_None) {		VD->getTLSKind() != VarDecl::TLS_None) {
Diag(VD->getLocation(), diag::err_tls_var_aligned_over_maximum)		Diag(VD->getLocation(), diag::err_tls_var_aligned_over_maximum)
<< (unsigned)AlignVal << VD << MaxTLSAlign;		<< (unsigned)AlignVal << VD << MaxTLSAlign;
return;		return;
}		}
}		}
▲ Show 20 Lines • Show All 5,374 Lines • Show Last 20 Lines

clang/test/Sema/attr-aligned.c

	// RUN: %clang_cc1 -triple i386-apple-darwin9 -fsyntax-only -verify %s			// RUN: %clang_cc1 -triple x86_64-apple-darwin9 -fsyntax-only -verify %s
				shafikAuthorUnsubmitted Done Reply Inline Actions The previous triple did not support `__int128_t` shafik: The previous triple did not support `__int128_t`

	int x __attribute__((aligned(3))); // expected-error {{requested alignment is not a power of 2}}			int x __attribute__((aligned(3))); // expected-error {{requested alignment is not a power of 2}}
	int y __attribute__((aligned(1ull << 33))); // expected-error {{requested alignment must be 4294967296 bytes or smaller}}			int y __attribute__((aligned(1ull << 33))); // expected-error {{requested alignment must be 4294967296 bytes or smaller}}
	int y __attribute__((aligned(1ull << 32)));			int y __attribute__((aligned(1ull << 32)));
				// GH50534
				int z __attribute__((aligned((__int128_t)0x1234567890abcde0ULL << 64))); // expected-error {{requested alignment must be 4294967296 bytes or smaller}}

	// PR26444			// PR26444
	int y __attribute__((aligned(1 << 29)));			int y __attribute__((aligned(1 << 29)));
	int y __attribute__((aligned(1 << 28)));			int y __attribute__((aligned(1 << 28)));

	// PR3254			// PR3254
	short g0[3] __attribute__((aligned));			short g0[3] __attribute__((aligned));
	short g0_chk[__alignof__(g0) == 16 ? 1 : -1];			short g0_chk[__alignof__(g0) == 16 ? 1 : -1];
	▲ Show 20 Lines • Show All 49 Lines • Show Last 20 Lines