This is an archive of the discontinued LLVM Phabricator instance.

Differential D158557

[clang] Fix crash in __builtin_strncmp and other related builtin functions
ClosedPublic

Authored by shafik on Aug 22 2023, 2:30 PM.

Details

Reviewers
aaron.ballman
erichkeane
davide
rsmith
Commits
rG33b6b674620d: [clang] Fix crash in __builtin_strncmp and other related builtin functions
Summary

The implementation of __builtin_strncmp and other related builtins function use getExtValue() to evaluate the size argument. This can cause a crash when the value does not fit into an int64_t value, which is can be expected since the type of the argument is size_t.

The fix is to switch to using getZExtValue().

This fixes:

https://github.com/llvm/llvm-project/issues/64876

Diff Detail

Unit TestsFailed

TimeTest
82,580 msclang CI - Running libc++ test suite with Clang Modules > llvm-libc++-shared-cfg-in.llvm-libc++-shared-cfg-in::/var/lib/buildkite-agent/builds/llvm-project/build/generic-modules/test/libcxx/clang_modules_include.gen.py/__std_clang_module.compile.pass.mm

Event Timeline

shafik created this revision.Aug 22 2023, 2:30 PM
Herald added a project: Restricted Project. · View Herald TranscriptAug 22 2023, 2:30 PM
shafik requested review of this revision.Aug 22 2023, 2:30 PM
erichkeane added a comment.Aug 22 2023, 2:34 PM

Are there any Sema tests we can add to show that we warn/diagnose/SOMETHING on these? If someone passes a negative size, we should probably at least do the warning that it was converted/truncated.

clang/lib/AST/ExprConstant.cpp
9357

Context missing throughout

Harbormaster completed remote builds in B254198: Diff 552507.Aug 22 2023, 2:56 PM
shafik updated this revision to Diff 552516.Aug 22 2023, 3:21 PM
  • Diff w/ context
shafik updated this revision to Diff 552518.Aug 22 2023, 3:25 PM

-Updated values used in test

shafik added a comment.Aug 22 2023, 3:28 PM
In D158557#4608262, @erichkeane wrote:

Are there any Sema tests we can add to show that we warn/diagnose/SOMETHING on these? If someone passes a negative size, we should probably at least do the warning that it was converted/truncated.

The arguments have type size_t so using -Wsign-conversion would warn for the previous value but that is not really the point of the fix, which is why I updated the value to clarify.

shafik marked an inline comment as done.Aug 22 2023, 3:28 PM
Harbormaster completed remote builds in B254205: Diff 552518.Aug 22 2023, 3:57 PM
aaron.ballman added a comment.Aug 23 2023, 10:42 AM

Precommit CI found issues that should be addressed, but otherwise the changes LGTM. You should add a release note for the fix, though!

erichkeane added a comment.Aug 23 2023, 10:45 AM

I think there is value to ensuring we diagnose the negative-to-size_t conversion here, but I also think there is value to a CodeGen test to ensure we emit the correct value.

shafik updated this revision to Diff 553195.Aug 24 2023, 10:51 AM
  • Silence -Wconstant-conversion warning in test
erichkeane added a comment.Aug 24 2023, 10:55 AM

Still think a codegen test for this example is VERY valuable here.

clang/test/SemaCXX/constexpr-string.cpp
681

rather than suppress these, it makes sense to me to just mark them expected-warning.

shafik added inline comments.Aug 24 2023, 11:17 AM
clang/test/SemaCXX/constexpr-string.cpp
681

It depends on the size of size_t whether I get this diagnostic or not.

aaron.ballman added inline comments.Aug 24 2023, 12:22 PM
clang/test/SemaCXX/constexpr-string.cpp
681

Given that the point to this test isn't to test constant conversion behavior but is testing boundary cases where you'll get those diagnostics, I think suppressing the warnings is fine.

Harbormaster completed remote builds in B254675: Diff 553195.Aug 24 2023, 12:33 PM
shafik updated this revision to Diff 553270.Aug 24 2023, 2:48 PM
shafik marked 2 inline comments as done.
  • Add codegen test
Harbormaster completed remote builds in B254730: Diff 553270.Aug 24 2023, 4:51 PM
aaron.ballman accepted this revision.Aug 25 2023, 5:12 AM

LGTM but the changes need to be landed with a release note.

This revision is now accepted and ready to land.Aug 25 2023, 5:12 AM
erichkeane added a comment.Aug 25 2023, 7:23 AM

I suggest doing the -511LL value from the original bug report in the tests as well, else, fine to me.

erichkeane requested changes to this revision.Aug 25 2023, 7:23 AM

Ah, wait, still no release note!

This revision now requires changes to proceed.Aug 25 2023, 7:23 AM
erichkeane accepted this revision.Aug 25 2023, 7:39 AM

I see aaron mentioned the release note and is ok with it happening on commit, so I'll undo my 'needs revision'.

This revision is now accepted and ready to land.Aug 25 2023, 7:39 AM
shafik updated this revision to Diff 553601.Aug 25 2023, 1:39 PM
  • Extended constexpr-string.cpp test
  • Added release notes
erichkeane accepted this revision.Aug 25 2023, 1:41 PM

Still LGTM.

This revision was landed with ongoing or failed builds.Aug 25 2023, 1:55 PM
Closed by commit rG33b6b674620d: [clang] Fix crash in __builtin_strncmp and other related builtin functions (authored by shafik). · Explain Why
This revision was automatically updated to reflect the committed changes.
shafik added a commit: rG33b6b674620d: [clang] Fix crash in __builtin_strncmp and other related builtin functions.
Herald added a project: Restricted Project. · View Herald TranscriptAug 25 2023, 1:55 PM
Harbormaster completed remote builds in B254980: Diff 553601.Aug 25 2023, 4:20 PM
shafik mentioned this in D156711: [clang][ExprConstant] Fix assertion failure in constant expression folding.Sep 21 2023, 11:35 AM

Revision Contents

PathSize
clang/
lib/
AST/
4 lines
test/
SemaCXX/
11 lines

Diff 552507

clang/lib/AST/ExprConstant.cpp

Context not available.
APSInt N; APSInt N;
erichkeaneUnsubmitted
Done
ReplyInline Actions

Context missing throughout

erichkeane: Context missing throughout
if (!EvaluateInteger(E->getArg(2), N, Info)) if (!EvaluateInteger(E->getArg(2), N, Info))
return false; return false;
MaxLength = N.getExtValue(); MaxLength = N.getZExtValue();
} }
// We cannot find the value if there are no candidates to match against. // We cannot find the value if there are no candidates to match against.
if (MaxLength == 0u) if (MaxLength == 0u)
Context not available.
APSInt N; APSInt N;
if (!EvaluateInteger(E->getArg(2), N, Info)) if (!EvaluateInteger(E->getArg(2), N, Info))
return false; return false;
MaxLength = N.getExtValue(); MaxLength = N.getZExtValue();
} }
// Empty substrings compare equal by definition. // Empty substrings compare equal by definition.
Context not available.

clang/test/SemaCXX/constexpr-string.cpp

Context not available.
} }
static_assert(test_address_of_incomplete_struct_type()); // expected-error {{constant}} expected-note {{in call}} static_assert(test_address_of_incomplete_struct_type()); // expected-error {{constant}} expected-note {{in call}}
} }
namespace GH64876 {
void f() {
erichkeaneUnsubmitted
Done
ReplyInline Actions

rather than suppress these, it makes sense to me to just mark them expected-warning.

erichkeane: rather than suppress these, it makes sense to me to just mark them expected-warning.
shafikAuthorUnsubmitted
Done
ReplyInline Actions

It depends on the size of size_t whether I get this diagnostic or not.

shafik: It depends on the size of `size_t` whether I get this diagnostic or not.
aaron.ballmanUnsubmitted
Done
ReplyInline Actions

Given that the point to this test isn't to test constant conversion behavior but is testing boundary cases where you'll get those diagnostics, I think suppressing the warnings is fine.

aaron.ballman: Given that the point to this test isn't to test constant conversion behavior but is testing…
__builtin_strncmp(0, 0, -511LL);
__builtin_memcmp(0, 0, -511LL);
__builtin_bcmp(0, 0, -511LL);
__builtin_wmemcmp(0, 0, -511LL);
__builtin_memchr((const void*)0, 1, -511LL);
__builtin_wmemchr((const wchar_t*)0, 1, -511LL);
}
}
Context not available.