This is an archive of the discontinued LLVM Phabricator instance.

Differential D66839

Fix stack address builtin for negative numbers
ClosedPublic

Authored by zoecarver on Aug 27 2019, 3:49 PM.

Details

Reviewers
kparzysz
eli.friedman
efriedma
Commits
rG6201f6601dec: Check args passed to __builtin_frame_address and __builtin_return_address.
Summary

This patch checks that an argument passed to either of the builtins __builtin_frame_address or __builtin_return_address is at least 0. This patch resolves the issue where these builtins would cause an infinite loop ( 25497 ).

Diff Detail

Event Timeline

zoecarver created this revision.Aug 27 2019, 3:49 PM
Herald added a project: Restricted Project. · View Herald TranscriptAug 27 2019, 3:49 PM
Herald added a subscriber: cfe-commits. · View Herald Transcript
zoecarver added reviewers: kparzysz, eli.friedman.Aug 27 2019, 3:52 PM
zoecarver marked an inline comment as done.
zoecarver added inline comments.
clang/test/Sema/builtin-stackaddress.c
10

For some reason lit was still erroring here.

Harbormaster completed remote builds in B37386: Diff 217517.Aug 27 2019, 3:54 PM
efriedma added a subscriber: efriedma.Aug 27 2019, 4:59 PM

We usually prefer to generate error messages for incorrect parameters to builtins in SemaChecking.cpp.

I don't think there's really an infinite loop here. The parameter to __builtin_frame_address is an unsigned integer; values greater than 0x7FFFFFFU aren't special. The reason it takes a very long time is that we try to unroll the implied loop; generating an object file with four billion load instructions takes essentially forever. We could impose a smaller limit, but it would be sort of arbitrary.

zoecarver added a comment.Aug 27 2019, 7:25 PM

Thanks for the explanation. Should I then not try to "fix" the issue? Or should I update sema checking?

efriedma added a comment.Aug 29 2019, 5:22 PM

In the context of __builtin_frame_address, an arbitrary limit is probably okay. Maybe something like 0xFFFF, which is larger than anyone would realistically use, but doesn't take a crazy amount of time to compile.

Jim added a subscriber: Jim.Dec 15 2019, 11:16 PM
Jim added a comment.Dec 16 2019, 1:53 AM

I think this checking should be implemented in lib/Sema/SemaChecking.cpp.

zoecarver added a comment.Dec 16 2019, 8:07 PM

@Jim Thanks, I'll move it.

zoecarver updated this revision to Diff 246277.Feb 24 2020, 12:24 PM
  • move verification to SemaChecking
Harbormaster completed remote builds in B47151: Diff 246277.Feb 24 2020, 12:29 PM
efriedma accepted this revision.Feb 24 2020, 12:49 PM

LGTM

This revision is now accepted and ready to land.Feb 24 2020, 12:49 PM
zoecarver closed this revision.Feb 24 2020, 2:24 PM

Resolved by c93112dc4f745b0455addb54bfe1c2f79b827c6d

zoecarver reopened this revision.Feb 24 2020, 2:37 PM

Reverted: 698078257285a044110620d7dab2fb4451a3fa29

This revision is now accepted and ready to land.Feb 24 2020, 2:37 PM
zoecarver updated this revision to Diff 246486.Feb 25 2020, 9:06 AM
  • Error if SemaBuiltinConstantArgRange returns true, not false
Harbormaster completed remote builds in B47220: Diff 246486.Feb 25 2020, 9:06 AM
zoecarver added a comment.Feb 25 2020, 9:07 AM

I was using SemaBuiltinConstantArgRange incorrectly. I was returning an error for !SemaBuiltinConstantArgRange instead of SemaBuiltinConstantArgRange. Also, I only modified the fail tests so I wasn't able to catch the error. Updated and am running both the Sema and CodeGen tests now. Should fix the error.

zoecarver updated this revision to Diff 246488.Feb 25 2020, 9:09 AM
  • diff from master (arg phab...)
Harbormaster completed remote builds in B47221: Diff 246488.Feb 25 2020, 9:12 AM
Closed by commit rG6201f6601dec: Check args passed to __builtin_frame_address and __builtin_return_address. (authored by zoecarver). · Explain WhyFeb 25 2020, 12:49 PM
This revision was automatically updated to reflect the committed changes.

Revision Contents

PathSize
clang/
lib/
Sema/
5 lines
test/
Sema/
26 lines

Diff 246546

clang/lib/Sema/SemaChecking.cpp

  • This file is larger than 256 KB, so syntax highlighting is disabled by default.
Show First 20 LinesShow All 1,841 Lines▼ Show 20 Lines case Builtin::BIget_kernel_sub_group_count_for_ndrange:
if (SemaOpenCLBuiltinNDRangeAndBlock(*this, TheCall)) if (SemaOpenCLBuiltinNDRangeAndBlock(*this, TheCall))
return ExprError(); return ExprError();
break; break;
case Builtin::BI__builtin_os_log_format: case Builtin::BI__builtin_os_log_format:
case Builtin::BI__builtin_os_log_format_buffer_size: case Builtin::BI__builtin_os_log_format_buffer_size:
if (SemaBuiltinOSLogFormat(TheCall)) if (SemaBuiltinOSLogFormat(TheCall))
return ExprError(); return ExprError();
break; break;
case Builtin::BI__builtin_frame_address:
case Builtin::BI__builtin_return_address:
if (SemaBuiltinConstantArgRange(TheCall, 0, 0, 0xFFFF))
return ExprError();
break;
} }
// Since the target specific builtins for each arch overlap, only check those // Since the target specific builtins for each arch overlap, only check those
// of the arch we are compiling for. // of the arch we are compiling for.
if (Context.BuiltinInfo.isTSBuiltin(BuiltinID)) { if (Context.BuiltinInfo.isTSBuiltin(BuiltinID)) {
switch (Context.getTargetInfo().getTriple().getArch()) { switch (Context.getTargetInfo().getTriple().getArch()) {
case llvm::Triple::arm: case llvm::Triple::arm:
case llvm::Triple::armeb: case llvm::Triple::armeb:
▲ Show 20 LinesShow All 12,634 LinesShow Last 20 Lines

clang/test/Sema/builtin-stackaddress.c

// RUN: %clang_cc1 -fsyntax-only -verify %s // RUN: %clang_cc1 -fsyntax-only -verify %s
void* a(unsigned x) { void* a(unsigned x) {
return __builtin_return_address(0); return __builtin_return_address(0);
} }
void b(unsigned x) { void b(unsigned x) {
return __builtin_return_address(x); // expected-error{{argument to '__builtin_return_address' must be a constant integer}} return __builtin_return_address(x); // expected-error{{argument to '__builtin_return_address' must be a constant integer}}
} }
zoecarverAuthorUnsubmitted
Done
ReplyInline Actions

For some reason lit was still erroring here.

zoecarver: For some reason `lit` was still erroring here.
void* c(unsigned x) { void* c(unsigned x) {
// expected-error@+1 {{argument value 4294967295 is outside the valid range [0, 65535]}}
return __builtin_return_address(-1);
}
void* d(unsigned x) {
// expected-error@+1 {{argument value 1048575 is outside the valid range [0, 65535]}}
return __builtin_return_address(0xFFFFF);
}
void* e(unsigned x) {
return __builtin_frame_address(0); return __builtin_frame_address(0);
} }
void d(unsigned x) { void f(unsigned x) {
return __builtin_frame_address(x); // expected-error{{argument to '__builtin_frame_address' must be a constant integer}} // expected-error@+1 {{argument to '__builtin_frame_address' must be a constant integer}}
return __builtin_frame_address(x);
}
void* g(unsigned x) {
// expected-error@+1 {{argument value 4294967295 is outside the valid range [0, 65535]}}
return __builtin_frame_address(-1);
}
void* h(unsigned x) {
// expected-error@+1 {{argument value 1048575 is outside the valid range [0, 65535]}}
return __builtin_frame_address(0xFFFFF);
} }