This is an archive of the discontinued LLVM Phabricator instance.

Differential D32406

[Coverage][Windows] Null pointer dereference in CodeGenPGO::skipRegionMappingForDecl (fixes PR32761)
ClosedPublic

Authored by adamf on Apr 23 2017, 1:56 PM.

Details

Reviewers
None
Commits
rGbc370f0c1808: [Coverage] Avoid null deref in skipRegionMappingForDecl (fixes PR32761)
rC301249: [Coverage] Avoid null deref in skipRegionMappingForDecl (fixes PR32761)
rL301249: [Coverage] Avoid null deref in skipRegionMappingForDecl (fixes PR32761)
Summary

In function CodeGenPGO::skipRegionMappingForDecl there is possible NULL pointer dereference on line:
auto Loc = D->getBody()->getLocStart();
Value returned by getBody may be NULL.
In corresponding test it happens during processing the virtual destructor ~A.

(minor)
The variable SkipCoverageMapping in the same function is always false. We can remove it.

Diff Detail

Repository
rL LLVM

Event Timeline

adamf created this revision.Apr 23 2017, 1:56 PM
adamf removed a reviewer: cfe-commits.Apr 23 2017, 1:59 PM
adamf added a subscriber: cfe-commits.
vsk added a subscriber: vsk.Apr 24 2017, 11:01 AM
vsk added a comment.Apr 24 2017, 11:13 AM

Thanks for your patch! I have a few requests.

First, please split off the SkipCoverageMapping change from this patch. If you don't have commit access yet, let me know and I can commit it for you. You can also ping Chris L for commit access.

Second, the test can be minimized a bit further. Here's what I got:

// RUN: %clang_cc1 -cc1 -triple i686-pc-windows-msvc19.0.0 -emit-obj -fprofile-instrument=clang -fdelayed-template-parsing -fcoverage-mapping -dump-coverage-mapping -emit-llvm-only -main-file-name empty-destructor.cpp -o - %s
                                                                                                                                                                                                                                                                                                                              
struct A {                                                                                                                                                                                                                                                                                                                    
  virtual ~A();                                                                                                                                                                                                                                                                                                               
};                                                                                                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                                                                                                              
void PR32761() {                                                                                                                                                                                                                                                                                                              
  A a;                                                                                                                                                                                                                                                                                                                        
}
rnk added a comment.Apr 24 2017, 12:36 PM
In D32406#735725, @vsk wrote:

// RUN: %clang_cc1 -cc1 -triple i686-pc-windows-msvc19.0.0 -emit-obj -fprofile-instrument=clang -fdelayed-template-parsing -fcoverage-mapping -dump-coverage-mapping -emit-llvm-only -main-file-name empty-destructor.cpp -o - %s

This is probably closer to a minimal command line:
%clang_cc1 -triple i686-windows -emit-llvm-only -fcoverage-mapping -dump-coverage-mapping %s

Is there something we can FileCheck in the IR?

rnk added a comment.Apr 24 2017, 12:50 PM
In D32406#735725, @vsk wrote:

First, please split off the SkipCoverageMapping change from this patch. If you don't have commit access yet, let me know and I can commit it for you. You can also ping Chris L for commit access.

Are you sure you want to do that? This is the only use of this boolean.

adamf updated this revision to Diff 96454.Apr 24 2017, 1:24 PM

Thanks for your comments!

Updated test case according to @vsk comment about test case reduction.

@rnk, your compilation command probably exposes another issue (with your compilation command the test still failure). I don't have time to analyze it now.

I don't have write access to svn so if you think this change is ok please commit it.

vsk added a comment.Apr 24 2017, 1:54 PM

Are you sure you want to do that? This is the only use of this boolean.

IMO removing 'SkipCoverageMapping' isn't related to fixing the original bug. Since it's simple enough to make it a separate change, I thought it'd be best.

In D32406#735847, @rnk wrote:
In D32406#735725, @vsk wrote:

// RUN: %clang_cc1 -cc1 -triple i686-pc-windows-msvc19.0.0 -emit-obj -fprofile-instrument=clang -fdelayed-template-parsing -fcoverage-mapping -dump-coverage-mapping -emit-llvm-only -main-file-name empty-destructor.cpp -o - %s

This is probably closer to a minimal command line:
%clang_cc1 -triple i686-windows -emit-llvm-only -fcoverage-mapping -dump-coverage-mapping %s

I'll go with this. @adamf this is just missing '-fprofile-instrument=clang', otherwise it's fine.

Is there something we can FileCheck in the IR?

Absolutely, I'll add in the checks.

Closed by commit rL301249: [Coverage] Avoid null deref in skipRegionMappingForDecl (fixes PR32761) (authored by vedantk). · Explain WhyApr 24 2017, 2:05 PM
This revision was automatically updated to reflect the committed changes.
Diffusion mentioned this in rL306883: [Profile] Do not assign counters to functions without bodies.Jun 30 2017, 2:02 PM

Revision Contents

PathSize
cfe/
trunk/
lib/
CodeGen/
3 lines
test/
CoverageMapping/
11 lines

Diff 96467

cfe/trunk/lib/CodeGen/CodeGenPGO.cpp

Show First 20 LinesShow All 663 Lines▼ Show 20 Linesvoid CodeGenPGO::mapRegionCounters(const Decl *D) {
NumRegionCounters = Walker.NextCounter; NumRegionCounters = Walker.NextCounter;
FunctionHash = Walker.Hash.finalize(); FunctionHash = Walker.Hash.finalize();
} }
bool CodeGenPGO::skipRegionMappingForDecl(const Decl *D) { bool CodeGenPGO::skipRegionMappingForDecl(const Decl *D) {
if (SkipCoverageMapping) if (SkipCoverageMapping)
return true; return true;
if (!D->getBody())
return true;
// Don't map the functions in system headers. // Don't map the functions in system headers.
const auto &SM = CGM.getContext().getSourceManager(); const auto &SM = CGM.getContext().getSourceManager();
auto Loc = D->getBody()->getLocStart(); auto Loc = D->getBody()->getLocStart();
return SM.isInSystemHeader(Loc); return SM.isInSystemHeader(Loc);
} }
void CodeGenPGO::emitCounterRegionMapping(const Decl *D) { void CodeGenPGO::emitCounterRegionMapping(const Decl *D) {
if (skipRegionMappingForDecl(D)) if (skipRegionMappingForDecl(D))
▲ Show 20 LinesShow All 229 LinesShow Last 20 Lines

cfe/trunk/test/CoverageMapping/empty-destructor.cpp

// RUN: %clang_cc1 -triple i686-windows -emit-llvm-only -fcoverage-mapping -dump-coverage-mapping -fprofile-instrument=clang %s | FileCheck %s
struct A {
virtual ~A();
};
// CHECK: ?PR32761@@YAXXZ:
// CHECK-NEXT: File 0, [[@LINE+1]]:16 -> [[@LINE+3]]:2 = #0
void PR32761() {
A a;
}