This is an archive of the discontinued LLVM Phabricator instance.

Differential D64564

Loop pragma parsing. NFC.
ClosedPublic

Authored by SjoerdMeijer on Jul 11 2019, 6:14 AM.

Details

Reviewers
samparker
dmgreen
Meinersbur
Commits
rG90374f755721: [clang] Loop pragma parsing. NFC.
rL368976: [clang] Loop pragma parsing. NFC.
rC368976: [clang] Loop pragma parsing. NFC.
Summary

Yesterday I was a bit distracted by loop pragma parsing (D64471), but still am a bit today too (this patch).

Diff Detail

Event Timeline

SjoerdMeijer created this revision.Jul 11 2019, 6:14 AM
SjoerdMeijer marked an inline comment as done.Jul 11 2019, 6:17 AM
SjoerdMeijer added inline comments.
clang/lib/Parse/ParsePragma.cpp
1015

I guess this does behave slightly different, i.e. the assert in a release build.

Before, in a release build, "unroll" was returned for an unexpected pragma, but now we return the empty string "".

Meinersbur added inline comments.Jul 11 2019, 9:43 AM
clang/lib/Parse/ParsePragma.cpp
1009–1017

getName() returns StringRef. No need to use a std::string yet.

1011–1014

This unconditionally creates (at least) 5 std::string objects.

1041–1046

[style] We don't use const for local variables. Could also use auto here since the type is already explicit on the RHS.

[suggestion] IsLoopHint would indicate the meaning of the boolean variable.

SjoerdMeijer updated this revision to Diff 209299.Jul 11 2019, 12:28 PM
SjoerdMeijer marked an inline comment as not done.

thanks for taking a look and the suggestions!

SjoerdMeijer added a comment.Jul 11 2019, 12:37 PM
This comment was removed by SjoerdMeijer.
Meinersbur accepted this revision.Jul 30 2019, 8:34 AM

LGTM

This revision is now accepted and ready to land.Jul 30 2019, 8:34 AM
Meinersbur requested changes to this revision.Jul 30 2019, 8:44 AM
Meinersbur added inline comments.
lib/Parse/ParsePragma.cpp
1011 ↗(On Diff #209299)

[serious] I know I already accepted the patch, but I just noticed something:
"clang loop " + Str.str() will allocate a temporary std::string, Str will potentially point to it, then the temporary string will be released. Str will then point to released memory and returned by this function, i.e. a use-after-free.

This revision now requires changes to proceed.Jul 30 2019, 8:44 AM
SjoerdMeijer marked an inline comment as done.Jul 30 2019, 11:13 AM
SjoerdMeijer added inline comments.
lib/Parse/ParsePragma.cpp
1011 ↗(On Diff #209299)

Oopsy, thanks for spotting this! Will fix this!

SjoerdMeijer updated this revision to Diff 212878.Aug 1 2019, 12:13 PM

Fixed the string problems.

SjoerdMeijer added a comment.Aug 13 2019, 9:39 AM

this is not important at all, but might be nice clean up, so friendly ping :-)

Meinersbur added inline comments.Aug 13 2019, 11:42 AM
clang/lib/Parse/ParsePragma.cpp
1010

[serious] Use-after-free here again. This line will do the following:

StringRef ClangLoopStr;
{
std::string tmp = "clang loop " + Str.str()
ClangLoopStr = tmp;
// tmp.~string() 
}
// Any use of ClangLoopStr will use memory released by tmp.~string()

Let me suggest a solution:

std::string ClangLoopStr = (Twine("clang loop ") + Str).str();
std::string Result = llvm::StringSwitch<StringRef>(Str)
               .Case("loop", ClangLoopStr)
               .Case("unroll_and_jam", Str)
               .Case("unroll", Str)
               .Default("");
return Result; // NRVO, ClangLoopStr will be released here, but if it was chosen by the StringSwitch, Result will hold a copy, so ClangLoopStr is not referenced anymore.

Note that this will alloc one more std::string in the non-ClangLoopStr cases than before the patch, but I don't think it's important.

SjoerdMeijer added a comment.Aug 13 2019, 2:37 PM

Sorry, should have done my std::string, StringRef, and Twine homework a lot better!

Thanks for your help and suggestions, will fix this.

SjoerdMeijer updated this revision to Diff 215162.Aug 14 2019, 10:27 AM

thanks for the suggestions; comments addressed.

Meinersbur accepted this revision.Aug 14 2019, 1:44 PM
Meinersbur added inline comments.
clang/lib/Parse/ParsePragma.cpp
1010

[nit] I am surprised it works without llvm:: qualifier for llvm::Twine. Maybe add it for consistency?

1016

[nit] One could just return llvm::StringSwitch... without a Result variable. I used it in the suggestion so I could comment on what happens when returning. Personally, there is nothing that I could care less about, so use what you prefer.

This revision is now accepted and ready to land.Aug 14 2019, 1:44 PM
SjoerdMeijer added a comment.Aug 14 2019, 11:39 PM

Thanks, and will fix your suggestions before committing.

Closed by commit rL368976: [clang] Loop pragma parsing. NFC. (authored by SjoerdMeijer). · Explain WhyAug 15 2019, 12:39 AM
This revision was automatically updated to reflect the committed changes.
Herald added a project: Restricted Project. · View Herald TranscriptAug 15 2019, 12:40 AM
Herald added a subscriber: llvm-commits. · View Herald Transcript

Revision Contents

PathSize
clang/
lib/
Parse/
33 lines

Diff 212878

clang/lib/Parse/ParsePragma.cpp

Show First 20 LinesShow All 1,000 Lines▼ Show 20 Lines
struct PragmaLoopHintInfo { struct PragmaLoopHintInfo {
Token PragmaName; Token PragmaName;
Token Option; Token Option;
ArrayRef<Token> Toks; ArrayRef<Token> Toks;
}; };
} // end anonymous namespace } // end anonymous namespace
static std::string PragmaLoopHintString(Token PragmaName, Token Option) { static std::string PragmaLoopHintString(Token PragmaName, Token Option) {
std::string PragmaString; StringRef Str = PragmaName.getIdentifierInfo()->getName();
if (PragmaName.getIdentifierInfo()->getName() == "loop") { StringRef ClangLoopStr = "clang loop " + Str.str();
MeinersburUnsubmitted
Not Done
ReplyInline Actions

[serious] Use-after-free here again. This line will do the following:

StringRef ClangLoopStr;
{
std::string tmp = "clang loop " + Str.str()
ClangLoopStr = tmp;
// tmp.~string() 
}
// Any use of ClangLoopStr will use memory released by tmp.~string()

Let me suggest a solution:

std::string ClangLoopStr = (Twine("clang loop ") + Str).str();
std::string Result = llvm::StringSwitch<StringRef>(Str)
               .Case("loop", ClangLoopStr)
               .Case("unroll_and_jam", Str)
               .Case("unroll", Str)
               .Default("");
return Result; // NRVO, ClangLoopStr will be released here, but if it was chosen by the StringSwitch, Result will hold a copy, so ClangLoopStr is not referenced anymore.

Note that this will alloc one more std::string in the non-ClangLoopStr cases than before the patch, but I don't think it's important.

Meinersbur: [serious] Use-after-free here again. This line will do the following: ``` StringRef…
MeinersburUnsubmitted
Not Done
ReplyInline Actions

[nit] I am surprised it works without llvm:: qualifier for llvm::Twine. Maybe add it for consistency?

Meinersbur: [nit] I am surprised it works without `llvm::` qualifier for `llvm::Twine`. Maybe add it for…
PragmaString = "clang loop "; Str = llvm::StringSwitch<StringRef>(Str)
PragmaString += Option.getIdentifierInfo()->getName(); .Case("loop", ClangLoopStr)
} else if (PragmaName.getIdentifierInfo()->getName() == "unroll_and_jam") { .Case("unroll_and_jam", Str)
PragmaString = "unroll_and_jam"; .Case("unroll", Str)
MeinersburUnsubmitted
Not Done
ReplyInline Actions

This unconditionally creates (at least) 5 std::string objects.

Meinersbur: This unconditionally creates (at least) 5 `std::string` objects.
} else { .Default("");
SjoerdMeijerAuthorUnsubmitted
Not Done
ReplyInline Actions

I guess this does behave slightly different, i.e. the assert in a release build.

Before, in a release build, "unroll" was returned for an unexpected pragma, but now we return the empty string "".

SjoerdMeijer: I guess this does behave slightly different, i.e. the assert in a release build. Before, in a…
assert(PragmaName.getIdentifierInfo()->getName() == "unroll" && assert(Str.size() && "Unexpected pragma name");
MeinersburUnsubmitted
Not Done
ReplyInline Actions

[nit] One could just return llvm::StringSwitch... without a Result variable. I used it in the suggestion so I could comment on what happens when returning. Personally, there is nothing that I could care less about, so use what you prefer.

Meinersbur: [nit] One could just `return llvm::StringSwitch...` without a `Result` variable. I used it in…
"Unexpected pragma name"); return std::string(Str);
MeinersburUnsubmitted
Not Done
ReplyInline Actions

getName() returns StringRef. No need to use a std::string yet.

Meinersbur: `getName()` returns `StringRef`. No need to use a `std::string` yet.
PragmaString = "unroll";
}
return PragmaString;
} }
bool Parser::HandlePragmaLoopHint(LoopHint &Hint) { bool Parser::HandlePragmaLoopHint(LoopHint &Hint) {
assert(Tok.is(tok::annot_pragma_loop_hint)); assert(Tok.is(tok::annot_pragma_loop_hint));
PragmaLoopHintInfo *Info = PragmaLoopHintInfo *Info =
static_cast<PragmaLoopHintInfo *>(Tok.getAnnotationValue()); static_cast<PragmaLoopHintInfo *>(Tok.getAnnotationValue());
IdentifierInfo *PragmaNameInfo = Info->PragmaName.getIdentifierInfo(); IdentifierInfo *PragmaNameInfo = Info->PragmaName.getIdentifierInfo();
Hint.PragmaNameLoc = IdentifierLoc::create( Hint.PragmaNameLoc = IdentifierLoc::create(
Actions.Context, Info->PragmaName.getLocation(), PragmaNameInfo); Actions.Context, Info->PragmaName.getLocation(), PragmaNameInfo);
// It is possible that the loop hint has no option identifier, such as // It is possible that the loop hint has no option identifier, such as
// #pragma unroll(4). // #pragma unroll(4).
IdentifierInfo *OptionInfo = Info->Option.is(tok::identifier) IdentifierInfo *OptionInfo = Info->Option.is(tok::identifier)
? Info->Option.getIdentifierInfo() ? Info->Option.getIdentifierInfo()
: nullptr; : nullptr;
Hint.OptionLoc = IdentifierLoc::create( Hint.OptionLoc = IdentifierLoc::create(
Actions.Context, Info->Option.getLocation(), OptionInfo); Actions.Context, Info->Option.getLocation(), OptionInfo);
llvm::ArrayRef<Token> Toks = Info->Toks; llvm::ArrayRef<Token> Toks = Info->Toks;
// Return a valid hint if pragma unroll or nounroll were specified // Return a valid hint if pragma unroll or nounroll were specified
// without an argument. // without an argument.
bool PragmaUnroll = PragmaNameInfo->getName() == "unroll"; auto IsLoopHint = llvm::StringSwitch<bool>(PragmaNameInfo->getName())
bool PragmaNoUnroll = PragmaNameInfo->getName() == "nounroll"; .Cases("unroll", "nounroll", "unroll_and_jam",
bool PragmaUnrollAndJam = PragmaNameInfo->getName() == "unroll_and_jam"; "nounroll_and_jam", true)
bool PragmaNoUnrollAndJam = PragmaNameInfo->getName() == "nounroll_and_jam"; .Default(false);
if (Toks.empty() && (PragmaUnroll || PragmaNoUnroll || PragmaUnrollAndJam ||
PragmaNoUnrollAndJam)) { if (Toks.empty() && IsLoopHint) {
MeinersburUnsubmitted
Not Done
ReplyInline Actions

[style] We don't use const for local variables. Could also use auto here since the type is already explicit on the RHS.

[suggestion] IsLoopHint would indicate the meaning of the boolean variable.

Meinersbur: [style] We don't use `const` for local variables. Could also use `auto` here since the type is…
ConsumeAnnotationToken(); ConsumeAnnotationToken();
Hint.Range = Info->PragmaName.getLocation(); Hint.Range = Info->PragmaName.getLocation();
return true; return true;
} }
// The constant expression is always followed by an eof token, which increases // The constant expression is always followed by an eof token, which increases
// the TokSize by 1. // the TokSize by 1.
assert(!Toks.empty() && assert(!Toks.empty() &&
▲ Show 20 LinesShow All 2,227 LinesShow Last 20 Lines