This is an archive of the discontinued LLVM Phabricator instance.

Differential D52750

[Diagnostics] Check for integer overflow in array size expressions
ClosedPublic

Authored by xbolva00 on Oct 1 2018, 2:27 PM.

Details

Reviewers
rsmith
Rakete1111
Commits
rG3b6ae57654a5: [Diagnostics] Check for integer overflow in array size expressions
rC344759: [Diagnostics] Check for integer overflow in array size expressions
rL344759: [Diagnostics] Check for integer overflow in array size expressions
Summary

Fixes PR27439

Diff Detail

Repository
rL LLVM

Event Timeline

xbolva00 created this revision.Oct 1 2018, 2:27 PM
Herald added a subscriber: cfe-commits. · View Herald TranscriptOct 1 2018, 2:27 PM
xbolva00 added a comment.Oct 1 2018, 2:36 PM

Seems it crashes with test suite. Looking at it.

xbolva00 updated this revision to Diff 167835.Oct 1 2018, 2:44 PM

Fixed crash

rsmith added a comment.Oct 1 2018, 2:52 PM

We're going to try evaluating the array size anyway (in isArraySizeVLA). It would be much better to produce the overflow warnings as part of that evaluation rather than adding an extra evaluation step to produce them.

xbolva00 updated this revision to Diff 167840.Oct 1 2018, 3:07 PM
  • Move code as suggested
rsmith added a comment.Oct 1 2018, 3:13 PM

This is still evaluating the expression twice. To evaluate it only once, you'll need to sink the checks into Sema::VerifyIntegerConstantExpression's call to EvaluateKnownConstInt. (That should also remove the redundant diagnostics noise in the language modes where signed overflow renders an expression non-constant.)

xbolva00 added a comment.Oct 1 2018, 5:09 PM

I have not found a way yet since EvaluateForOverflow returns nothing so I don't know how to check whether there was overflow or not.

Uploaded alternative patch which passes test suite and has no double warning issue.

xbolva00 updated this revision to Diff 167857.Oct 1 2018, 5:10 PM
xbolva00 updated this revision to Diff 167858.

fixed extra new line

xbolva00 added inline comments.Oct 2 2018, 4:22 AM
lib/Sema/SemaType.cpp
2231 ↗(On Diff #167858)

@rsmith what about this place for check?

xbolva00 added a comment.Oct 6 2018, 2:27 AM

Ping :)

Rakete1111 added a subscriber: Rakete1111.Oct 6 2018, 10:47 AM
Rakete1111 added inline comments.
lib/Sema/SemaType.cpp
2232 ↗(On Diff #167858)

What's up with this statement? Why is it needed? This won't handle overflows for unary expression for example.

xbolva00 added inline comments.Oct 6 2018, 10:58 AM
lib/Sema/SemaType.cpp
2232 ↗(On Diff #167858)

Ok, I should use Sema::CheckForIntOverflow

But anyway, CheckForIntOverflow does not care about UnaryOperator either currently :)

xbolva00 updated this revision to Diff 168575.Oct 6 2018, 11:03 AM
  • Use Sema::CheckForIntOverflow
xbolva00 added inline comments.Oct 6 2018, 11:07 AM
lib/Sema/SemaType.cpp
2232 ↗(On Diff #167858)

Anyway, the negative array size is handled a few lines above.

xbolva00 added a comment.Oct 11 2018, 3:08 AM

@Rakete1111 plesse take a look :)

Rakete1111 added a comment.Oct 11 2018, 3:35 AM

The array size is still evaluated twice. Try to incorporate the check in Sema::VerifyIntegerConstantExpression.

xbolva00 added a comment.Oct 11 2018, 4:12 AM

Thanks!

But I think I need to change EvaluateForOverflow method to return bool to indicate overflowing.

Rakete1111 added a comment.Oct 11 2018, 4:36 AM

Nah, you don't even need to call EvaluateForOverflow I believe. :) Have a look overflow evaluation is done.

xbolva00 added a comment.Oct 11 2018, 1:49 PM
In D52750#1261746, @Rakete1111 wrote:

Nah, you don't even need to call EvaluateForOverflow I believe. :) Have a look overflow evaluation is done.

Well..

if (!getLangOpts().CPlusPlus11 && E->isIntegerConstantExpr(Context)) {
  if (Result) {
    *Result = E->EvaluateKnownConstInt(Context); // here

}

and
char a[2147483642 * 3];

Result->getBitWidth() reports 32. I don't know how to detect there if overflow or not :/ I have already spent some time to solve this, but still no good solution. Possibly I would abandon this patch.

rsmith added inline comments.Oct 11 2018, 3:45 PM
lib/Sema/SemaType.cpp
2231 ↗(On Diff #167858)

This is still evaluating the expression twice. To avoid that, you need to change the existing code that calls the evaluator to ask it to produce overflow warnings as a side-effect rather than adding a new call to CheckForIntOverflow.

xbolva00 updated this revision to Diff 169407.Oct 12 2018, 8:16 AM
  • check for overflow when evaluating
xbolva00 updated this revision to Diff 169408.Oct 12 2018, 8:17 AM
xbolva00 updated this revision to Diff 169409.
  • Undo extra newline
Rakete1111 added a comment.Oct 12 2018, 8:30 AM

This doesn't produce a warning in C++11 and up.

xbolva00 added a comment.EditedOct 12 2018, 8:35 AM
In D52750#1263461, @Rakete1111 wrote:

This doesn't produce a warning in C++11 and up.

But see Richard's comment: https://reviews.llvm.org/D52750#125175 so I am not sure :/

Rakete1111 added a comment.Oct 12 2018, 8:39 AM
In D52750#1263466, @xbolva00 wrote:
In D52750#1263461, @Rakete1111 wrote:

This doesn't produce a warning in C++11 and up.

But see Richard's comment: https://reviews.llvm.org/D52750#125175 so I am not sure :/

I guess I can see why it makes sense to suppress the warning in those cases. Sorry.

xbolva00 added a comment.Oct 12 2018, 8:46 AM

That's fine :) btw, thanks for review comments!

Hopefully, this solution would be now acceptable :)

rsmith added a comment.Oct 12 2018, 6:28 PM

Yeah, this looks better.

Though this really highlights that the "warn on undefined behavior" behavior of the constant evaluator should be orthogonal to the evaluation mode... we don't really need/want to evaluate past a side-effect or non-constant expression here.

xbolva00 added a comment.Oct 13 2018, 12:09 AM
This comment was removed by xbolva00.
xbolva00 added a comment.Oct 16 2018, 3:23 PM

Reping :)

xbolva00 added a reviewer: Rakete1111.Oct 18 2018, 7:56 AM
rsmith accepted this revision.Oct 18 2018, 1:03 PM

We can leave the cleanup of the expression evaluator to another change.

This revision is now accepted and ready to land.Oct 18 2018, 1:03 PM
Closed by commit rL344759: [Diagnostics] Check for integer overflow in array size expressions (authored by xbolva00). · Explain WhyOct 18 2018, 1:51 PM
This revision was automatically updated to reflect the committed changes.
Herald added a subscriber: llvm-commits. · View Herald TranscriptOct 18 2018, 1:51 PM

Revision Contents

PathSize
cfe/
trunk/
include/
clang/
AST/
9 lines
lib/
AST/
13 lines
Sema/
2 lines
test/
Sema/
3 lines

Diff 170119

cfe/trunk/include/clang/AST/Expr.h

Show First 20 LinesShow All 625 Lines▼ Show 20 Linespublic:
/// Determine whether this expression involves a call to any function /// Determine whether this expression involves a call to any function
/// that is not trivial. /// that is not trivial.
bool hasNonTrivialCall(const ASTContext &Ctx) const; bool hasNonTrivialCall(const ASTContext &Ctx) const;
/// EvaluateKnownConstInt - Call EvaluateAsRValue and return the folded /// EvaluateKnownConstInt - Call EvaluateAsRValue and return the folded
/// integer. This must be called on an expression that constant folds to an /// integer. This must be called on an expression that constant folds to an
/// integer. /// integer.
llvm::APSInt EvaluateKnownConstInt(const ASTContext &Ctx, llvm::APSInt EvaluateKnownConstInt(
const ASTContext &Ctx,
SmallVectorImpl<PartialDiagnosticAt> *Diag = nullptr) const;
llvm::APSInt EvaluateKnownConstIntCheckOverflow(
const ASTContext &Ctx,
SmallVectorImpl<PartialDiagnosticAt> *Diag = nullptr) const; SmallVectorImpl<PartialDiagnosticAt> *Diag = nullptr) const;
void EvaluateForOverflow(const ASTContext &Ctx) const; void EvaluateForOverflow(const ASTContext &Ctx) const;
/// EvaluateAsLValue - Evaluate an expression to see if we can fold it to an /// EvaluateAsLValue - Evaluate an expression to see if we can fold it to an
/// lvalue with link time known address, with no side-effects. /// lvalue with link time known address, with no side-effects.
bool EvaluateAsLValue(EvalResult &Result, const ASTContext &Ctx) const; bool EvaluateAsLValue(EvalResult &Result, const ASTContext &Ctx) const;
/// EvaluateAsInitializer - Evaluate an expression as if it were the /// EvaluateAsInitializer - Evaluate an expression as if it were the
▲ Show 20 LinesShow All 4,744 LinesShow Last 20 Lines

cfe/trunk/lib/AST/ExprConstant.cpp

  • This file is larger than 256 KB, so syntax highlighting is disabled by default.
Show First 20 LinesShow All 10,845 Lines▼ Show 20 LinesAPSInt Expr::EvaluateKnownConstInt(const ASTContext &Ctx,
bool Result = EvaluateAsRValue(EvalResult, Ctx); bool Result = EvaluateAsRValue(EvalResult, Ctx);
(void)Result; (void)Result;
assert(Result && "Could not evaluate expression"); assert(Result && "Could not evaluate expression");
assert(EvalResult.Val.isInt() && "Expression did not evaluate to integer"); assert(EvalResult.Val.isInt() && "Expression did not evaluate to integer");
return EvalResult.Val.getInt(); return EvalResult.Val.getInt();
} }
APSInt Expr::EvaluateKnownConstIntCheckOverflow(
const ASTContext &Ctx, SmallVectorImpl<PartialDiagnosticAt> *Diag) const {
EvalResult EvalResult;
EvalResult.Diag = Diag;
EvalInfo Info(Ctx, EvalResult, EvalInfo::EM_EvaluateForOverflow);
bool Result = ::EvaluateAsRValue(Info, this, EvalResult.Val);
(void)Result;
assert(Result && "Could not evaluate expression");
assert(EvalResult.Val.isInt() && "Expression did not evaluate to integer");
return EvalResult.Val.getInt();
}
void Expr::EvaluateForOverflow(const ASTContext &Ctx) const { void Expr::EvaluateForOverflow(const ASTContext &Ctx) const {
bool IsConst; bool IsConst;
EvalResult EvalResult; EvalResult EvalResult;
if (!FastEvaluateAsRValue(this, EvalResult, Ctx, IsConst)) { if (!FastEvaluateAsRValue(this, EvalResult, Ctx, IsConst)) {
EvalInfo Info(Ctx, EvalResult, EvalInfo::EM_EvaluateForOverflow); EvalInfo Info(Ctx, EvalResult, EvalInfo::EM_EvaluateForOverflow);
(void)::EvaluateAsRValue(Info, this, EvalResult.Val); (void)::EvaluateAsRValue(Info, this, EvalResult.Val);
} }
} }
▲ Show 20 LinesShow All 638 LinesShow Last 20 Lines

cfe/trunk/lib/Sema/SemaExpr.cpp

  • This file is larger than 256 KB, so syntax highlighting is disabled by default.
Show First 20 LinesShow All 14,099 Lines▼ Show 20 Lines if (!Diagnoser.Suppress)
Diagnoser.diagnoseNotICE(*this, DiagLoc, E->getSourceRange()); Diagnoser.diagnoseNotICE(*this, DiagLoc, E->getSourceRange());
return ExprError(); return ExprError();
} }
// Circumvent ICE checking in C++11 to avoid evaluating the expression twice // Circumvent ICE checking in C++11 to avoid evaluating the expression twice
// in the non-ICE case. // in the non-ICE case.
if (!getLangOpts().CPlusPlus11 && E->isIntegerConstantExpr(Context)) { if (!getLangOpts().CPlusPlus11 && E->isIntegerConstantExpr(Context)) {
if (Result) if (Result)
*Result = E->EvaluateKnownConstInt(Context); *Result = E->EvaluateKnownConstIntCheckOverflow(Context);
return E; return E;
} }
Expr::EvalResult EvalResult; Expr::EvalResult EvalResult;
SmallVector<PartialDiagnosticAt, 8> Notes; SmallVector<PartialDiagnosticAt, 8> Notes;
EvalResult.Diag = &Notes; EvalResult.Diag = &Notes;
// Try to evaluate the expression, and produce diagnostics explaining why it's // Try to evaluate the expression, and produce diagnostics explaining why it's
▲ Show 20 LinesShow All 2,480 LinesShow Last 20 Lines

cfe/trunk/test/Sema/integer-overflow.c

Show First 20 LinesShow All 166 Lines▼ Show 20 Lines
// expected-warning@+2 {{overflow in expression; result is 536870912 with type 'int'}} // expected-warning@+2 {{overflow in expression; result is 536870912 with type 'int'}}
uint64_t (*f0_ptr)(uint64_t) = &f0; uint64_t (*f0_ptr)(uint64_t) = &f0;
(void)(*f0_ptr)(4608 * 1024 * 1024); (void)(*f0_ptr)(4608 * 1024 * 1024);
// expected-warning@+1 {{overflow in expression; result is 536870912 with type 'int'}} // expected-warning@+1 {{overflow in expression; result is 536870912 with type 'int'}}
(void)f2(0, f0(4608 * 1024 * 1024)); (void)f2(0, f0(4608 * 1024 * 1024));
} }
void check_integer_overflows_in_array_size() {
int arr[4608 * 1024 * 1024]; // expected-warning {{overflow in expression; result is 536870912 with type 'int'}}
}
struct s { struct s {
unsigned x; unsigned x;
unsigned y; unsigned y;
} s = { } s = {
.y = 5, .y = 5,
.x = 4 * 1024 * 1024 * 1024 // expected-warning {{overflow in expression; result is 0 with type 'int'}} .x = 4 * 1024 * 1024 * 1024 // expected-warning {{overflow in expression; result is 0 with type 'int'}}
}; };
Show All 20 Lines