This is an archive of the discontinued LLVM Phabricator instance.

Differential D158296

[clang] Diagnose overly complex Record in __builtin_dump_struct
Needs ReviewPublic

Authored by yronglin on Aug 18 2023, 10:40 AM.

Details

Reviewers
aaron.ballman
dblaikie

Diff Detail

Event Timeline

yronglin created this revision.Aug 18 2023, 10:40 AM
Herald added a project: Restricted Project. · View Herald TranscriptAug 18 2023, 10:40 AM
Herald added a subscriber: arphaman. · View Herald Transcript
yronglin requested review of this revision.Aug 18 2023, 10:40 AM
Herald added a project: Restricted Project. · View Herald TranscriptAug 18 2023, 10:40 AM
Herald added a subscriber: cfe-commits. · View Herald Transcript
yronglin edited the summary of this revision. (Show Details)Aug 18 2023, 10:42 AM
yronglin added reviewers: aaron.ballman, dblaikie.
yronglin mentioned this in D154784: [clang] Fix crash caused by PseudoObjectExprBitfields::NumSubExprs overflow.
yronglin retitled this revision from [Clang] Add assertion to check the value of NumSubExprs/ResultIndex does not overflow to [NFC][Clang] Add assertion to check the value of NumSubExprs/ResultIndex does not overflow.Aug 18 2023, 10:44 AM
dblaikie added a comment.Aug 18 2023, 12:16 PM

Hopefully my clarification on https://reviews.llvm.org/D154784#inline-1531176 makes it clear that assertions aren't necessarily the right tool here - as this path is reachable with actual code & I don't think we should allow that code to reach UB in the compiler in a non-assertionsn build. If we think this is a sufficient size to support, then we should error clearly even in a non-assertions build.

Harbormaster completed remote builds in B253532: Diff 551566.Aug 18 2023, 12:38 PM
yronglin updated this revision to Diff 554770.Aug 30 2023, 10:25 AM

Addres the comments that we talked in D154784.

yronglin retitled this revision from [NFC][Clang] Add assertion to check the value of NumSubExprs/ResultIndex does not overflow to [clang] Diagnose overly complex Record in __builtin_dump_struct.Aug 30 2023, 10:29 AM
yronglin edited the summary of this revision. (Show Details)
aaron.ballman added a comment.Aug 30 2023, 10:55 AM

The changes generally LGTM, thank you!

clang/lib/Sema/SemaChecking.cpp
732–733

This will correctly handle diagnosing a gigantic anonymous struct.

rsmith added a subscriber: rsmith.Aug 30 2023, 2:23 PM
rsmith added inline comments.
clang/lib/Sema/SemaChecking.cpp
732–733

Producing an error here seems likely to eventually cause problems in practice for some users: people are using __builtin_dump_struct in generic code for reflection purposes, not just for debugging, and this will cause us to start rejecting complex generic code.

Instead of rejecting, can we produce a tree of PseudoObjectExprs if we have too many steps to store in a single expression?

aaron.ballman added inline comments.Aug 31 2023, 5:58 AM
clang/lib/Sema/SemaChecking.cpp
732–733

Producing an error here seems likely to eventually cause problems in practice for some users: people are using __builtin_dump_struct in generic code for reflection purposes, not just for debugging, and this will cause us to start rejecting complex generic code.

Instead of rejecting, can we produce a tree of PseudoObjectExprs if we have too many steps to store in a single expression?

I think that requires wider discussion -- I don't think __builtin_dump_struct is a reasonable interface we want to support for reflection (in fact, I'd argue it's an explicit non-goal, the same as reflection via -ast-dump). Compile-time reflection is something we're likely to need to support more intentionally and I don't think we're going to want to use this as an interface for it or have to maintain it as a reflection tool long-term. As such, I think producing a tree of PseudoObjectExprs is overkill; you can quote me on this a few years from now when we're laughing at its quaintness, but "16k fields of debug output is enough for anyone" for a debugging interface.

(That said, I think we should be considering what support we want to add to the compiler for reflection in service of the work being done in WG21 on the topic -- if __builtin_dump_struct is being used for reflection in practice, it would be nice to give people a supported, more ergonomic interface for it that we can use for a future version of C++.)

rsmith added inline comments.Aug 31 2023, 3:03 PM
clang/lib/Sema/SemaChecking.cpp
732–733

The bug report https://github.com/llvm/llvm-project/issues/63169 was encountered by a user hitting the previous 256-element limit in practice when using __builtin_dump_struct for reflection. I don't think we can reasonably prevent that from happening, other than -- as you say -- encouraging WG21 to give us a real reflection design we can implement.

yronglin updated this revision to Diff 555376.Sep 1 2023, 7:50 AM

Address Aaron's comments.

yronglin marked 4 inline comments as done.Sep 1 2023, 7:52 AM

Thank you for your review @aaron.ballman @rsmith , I will be happy to continue cook this patch once we reach a consensus.

clang/lib/Sema/SemaChecking.cpp
732–733

fixed.

Harbormaster completed remote builds in B256264: Diff 555376.Sep 1 2023, 8:18 AM
dblaikie added inline comments.Sep 15 2023, 12:55 PM
clang/lib/Sema/SemaChecking.cpp
732–733

@rsmith what do you think we should do now? Support even larger values than uint16_t worth? (the tree PseudoObjectExpr suggestion you made?)

If we did make the uint16_t limit stand - perhaps that'd apply pressure to folks who have been using this for RTTI to consider other options - it wouldn't break any existing code (that's not already broken in clang, at least - with the overflow stuff happening) but might put pressure on further growth of such techniques?

dblaikie added a comment.Sep 25 2023, 4:18 PM

@rsmith ping on this thread - wondering what you'd prefer the direction be here

Revision Contents

PathSize
clang/
include/
clang/
Basic/
3 lines
lib/
Sema/
10 lines
test/
SemaCXX/
19 lines

Diff 554770

clang/include/clang/Basic/DiagnosticSemaKinds.td

  • This file is larger than 256 KB, so syntax highlighting is disabled by default.
Show First 20 LinesShow All 10,170 Lines▼ Show 20 Linesdef err_builtin_longjmp_unsupported : Error<
"__builtin_longjmp is not supported for the current target">; "__builtin_longjmp is not supported for the current target">;
def err_builtin_setjmp_unsupported : Error< def err_builtin_setjmp_unsupported : Error<
"__builtin_setjmp is not supported for the current target">; "__builtin_setjmp is not supported for the current target">;
def err_builtin_longjmp_invalid_val : Error< def err_builtin_longjmp_invalid_val : Error<
"argument to __builtin_longjmp must be a constant 1">; "argument to __builtin_longjmp must be a constant 1">;
def err_builtin_requires_language : Error<"'%0' is only available in %1">; def err_builtin_requires_language : Error<"'%0' is only available in %1">;
def err_builtin_dump_struct_too_complex : Error<
"%select{class|struct|union}0 '%1' is too complex to dump">;
def err_constant_integer_arg_type : Error< def err_constant_integer_arg_type : Error<
"argument to %0 must be a constant integer">; "argument to %0 must be a constant integer">;
def ext_mixed_decls_code : Extension< def ext_mixed_decls_code : Extension<
"mixing declarations and code is a C99 extension">, "mixing declarations and code is a C99 extension">,
InGroup<DeclarationAfterStatement>; InGroup<DeclarationAfterStatement>;
def warn_mixed_decls_code : Warning< def warn_mixed_decls_code : Warning<
"mixing declarations and code is incompatible with standards before C99">, "mixing declarations and code is incompatible with standards before C99">,
▲ Show 20 LinesShow All 1,782 LinesShow Last 20 Lines

clang/lib/Sema/SemaChecking.cpp

  • This file is larger than 256 KB, so syntax highlighting is disabled by default.
Show First 20 LinesShow All 718 Lines▼ Show 20 Linesstatic ExprResult SemaBuiltinDumpStruct(Sema &S, CallExpr *TheCall) {
// incorrect '&s->n'. // incorrect '&s->n'.
Expr *PtrArg = PtrArgResult.get(); Expr *PtrArg = PtrArgResult.get();
PtrArg = new (S.Context) PtrArg = new (S.Context)
ParenExpr(PtrArg->getBeginLoc(), ParenExpr(PtrArg->getBeginLoc(),
S.getLocForEndOfToken(PtrArg->getEndLoc()), PtrArg); S.getLocForEndOfToken(PtrArg->getEndLoc()), PtrArg);
if (Generator.dumpUnnamedRecord(RD, PtrArg, 0)) if (Generator.dumpUnnamedRecord(RD, PtrArg, 0))
return ExprError(); return ExprError();
// We create a `PseudoObjectExpr` as a wrapper, but the
// `PseudoObjectExprBits.NumSubExprs` in `PseudoObjectExpr` restricts its
// value to no more than std::numeric_limits<uint16_t>::max().
if (Generator.Actions.size() > std::numeric_limits<uint16_t>::max()) {
int RDKind = RD->isClass() ? 0 : (RD->isStruct() ? 1 : 2);
S.Diag(PtrArg->getBeginLoc(), diag::err_builtin_dump_struct_too_complex)
<< RDKind << RD->getName();
aaron.ballmanUnsubmitted
Done
ReplyInline Actions
int RDKind = RD->isClass() ? 0 : (RD->isStruct() ? 1 : 2);
S.Diag(PtrArg->getBeginLoc(), diag::err_builtin_dump_struct_too_complex)
- << RDKind << RD->getName();
+ << RDKind << RD;
return ExprError();

This will correctly handle diagnosing a gigantic anonymous struct.

aaron.ballman: This will correctly handle diagnosing a gigantic anonymous struct.
rsmithUnsubmitted
Done
ReplyInline Actions

Producing an error here seems likely to eventually cause problems in practice for some users: people are using __builtin_dump_struct in generic code for reflection purposes, not just for debugging, and this will cause us to start rejecting complex generic code.

Instead of rejecting, can we produce a tree of PseudoObjectExprs if we have too many steps to store in a single expression?

rsmith: Producing an error here seems likely to eventually cause problems in practice for some users…
aaron.ballmanUnsubmitted
Done
ReplyInline Actions

Producing an error here seems likely to eventually cause problems in practice for some users: people are using __builtin_dump_struct in generic code for reflection purposes, not just for debugging, and this will cause us to start rejecting complex generic code.

Instead of rejecting, can we produce a tree of PseudoObjectExprs if we have too many steps to store in a single expression?

I think that requires wider discussion -- I don't think __builtin_dump_struct is a reasonable interface we want to support for reflection (in fact, I'd argue it's an explicit non-goal, the same as reflection via -ast-dump). Compile-time reflection is something we're likely to need to support more intentionally and I don't think we're going to want to use this as an interface for it or have to maintain it as a reflection tool long-term. As such, I think producing a tree of PseudoObjectExprs is overkill; you can quote me on this a few years from now when we're laughing at its quaintness, but "16k fields of debug output is enough for anyone" for a debugging interface.

(That said, I think we should be considering what support we want to add to the compiler for reflection in service of the work being done in WG21 on the topic -- if __builtin_dump_struct is being used for reflection in practice, it would be nice to give people a supported, more ergonomic interface for it that we can use for a future version of C++.)

aaron.ballman: > Producing an error here seems likely to eventually cause problems in practice for some users…
rsmithUnsubmitted
Done
ReplyInline Actions

The bug report https://github.com/llvm/llvm-project/issues/63169 was encountered by a user hitting the previous 256-element limit in practice when using __builtin_dump_struct for reflection. I don't think we can reasonably prevent that from happening, other than -- as you say -- encouraging WG21 to give us a real reflection design we can implement.

rsmith: The bug report https://github.com/llvm/llvm-project/issues/63169 was encountered by a user…
dblaikieUnsubmitted
Not Done
ReplyInline Actions

@rsmith what do you think we should do now? Support even larger values than uint16_t worth? (the tree PseudoObjectExpr suggestion you made?)

If we did make the uint16_t limit stand - perhaps that'd apply pressure to folks who have been using this for RTTI to consider other options - it wouldn't break any existing code (that's not already broken in clang, at least - with the overflow stuff happening) but might put pressure on further growth of such techniques?

dblaikie: @rsmith what do you think we should do now? Support even larger values than uint16_t worth?
yronglinAuthorUnsubmitted
Done
ReplyInline Actions

fixed.

yronglin: fixed.
return ExprError();
}
return Generator.buildWrapper(); return Generator.buildWrapper();
} }
static bool SemaBuiltinCallWithStaticChain(Sema &S, CallExpr *BuiltinCall) { static bool SemaBuiltinCallWithStaticChain(Sema &S, CallExpr *BuiltinCall) {
if (checkArgCount(S, BuiltinCall, 2)) if (checkArgCount(S, BuiltinCall, 2))
return true; return true;
SourceLocation BuiltinLoc = BuiltinCall->getBeginLoc(); SourceLocation BuiltinLoc = BuiltinCall->getBeginLoc();
▲ Show 20 LinesShow All 18,581 LinesShow Last 20 Lines

clang/test/SemaCXX/builtin-dump-struct.cpp

Show First 20 LinesShow All 178 Lines▼ Show 20 Lines t1 v0, v1, v2, v3, v4, v5, v6, v7, v8, v9, v10, v11, v12, v13, v14, v15, v16,
v47, v48, v49, v50, v51, v52, v53, v54, v55, v56, v57, v58, v59, v60, v61, v47, v48, v49, v50, v51, v52, v53, v54, v55, v56, v57, v58, v59, v60, v61,
v62, v63, v64, v65, v66, v67, v68, v69, v70, v71, v72, v73, v74, v75, v76, v62, v63, v64, v65, v66, v67, v68, v69, v70, v71, v72, v73, v74, v75, v76,
v77, v78, v79, v80, v81, v82, v83, v84, v85, v86, v87, v88, v89, v90, v91, v77, v78, v79, v80, v81, v82, v83, v84, v85, v86, v87, v88, v89, v90, v91,
v92, v93, v94, v95, v96, v97, v98, v99; v92, v93, v94, v95, v96, v97, v98, v99;
}; };
int printf(const char *, ...); int printf(const char *, ...);
void f1(t2 w) { __builtin_dump_struct(&w, printf); } void f1(t2 w) { __builtin_dump_struct(&w, printf); }
struct t3 { };
template<typename T1>
struct templ {
T1 v1;
T1 v2;
T1 v3;
T1 v4;
};
struct t4 {
templ<templ<templ<templ<templ<templ<t3>>>>>> c0;
templ<templ<templ<templ<templ<templ<t3>>>>>> c1;
templ<templ<templ<templ<templ<templ<t3>>>>>> c2;
};
void aj(...);
void f2(t4 w) { __builtin_dump_struct(&w, aj); } // expected-error{{struct 't4' is too complex to dump}}