This is an archive of the discontinued LLVM Phabricator instance.

Differential D69664

[Diagnostics] Teach -Wnull-dereference about address_space attribute
ClosedPublic

Authored by xbolva00 on Oct 31 2019, 8:24 AM.

Details

Reviewers
aaron.ballman
rsmith
Commits
rG01b10bc7b149: [Diagnostics] Teach -Wnull-dereference about address_space attribute
Summary

Clang should not warn for:

test.c:2:12: warning: indirection of non-volatile null pointer will be deleted,

  not trap [-Wnull-dereference]
return *(int __attribute__((address_space(256))) *) 0;
       ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Solves PR42292.

Diff Detail

Event Timeline

xbolva00 created this revision.Oct 31 2019, 8:24 AM
Herald added a project: Restricted Project. · View Herald TranscriptOct 31 2019, 8:24 AM
Herald added a subscriber: cfe-commits. · View Herald Transcript
Harbormaster completed remote builds in B40343: Diff 227285.Oct 31 2019, 8:28 AM
xbolva00 marked an inline comment as done.Oct 31 2019, 8:33 AM
xbolva00 added inline comments.
clang/lib/Sema/SemaExpr.cpp
486–489

With this patch, we no longer warn for:

*(int attribute((address_space(0))) *) 0;

Worth to handle this case?

xbolva00 updated this revision to Diff 227286.Oct 31 2019, 8:36 AM

Added testcase with typedefed int.

Harbormaster completed remote builds in B40344: Diff 227286.Oct 31 2019, 8:37 AM
xbolva00 edited the summary of this revision. (Show Details)Oct 31 2019, 8:44 AM
xbolva00 added a comment.Nov 6 2019, 3:38 AM

Ping :)

aaron.ballman accepted this revision.Nov 7 2019, 11:40 AM

LGTM with a testing request.

clang/lib/Sema/SemaExpr.cpp
486–489

I mildly think it would be useful to warn in that case, but I'm fine with that being done later.

clang/test/Sema/exprs.c
190

Can you add a test case for dereferencing for a read instead of a write, just to ensure we don't diagnose that case?

You may want to add the address_space(0) test case as well, with a FIXME that it should warn at some point.

This revision is now accepted and ready to land.Nov 7 2019, 11:40 AM
xbolva00 updated this revision to Diff 228298.Nov 7 2019, 1:23 PM

More tests.
Handle attribute((address_space(0))).

Harbormaster completed remote builds in B40641: Diff 228298.Nov 7 2019, 1:27 PM
xbolva00 updated this revision to Diff 228301.Nov 7 2019, 1:31 PM

Removed unused variable.

xbolva00 updated this revision to Diff 228303.Nov 7 2019, 1:32 PM

Fixed comments.

Harbormaster completed remote builds in B40643: Diff 228301.Nov 7 2019, 1:37 PM
Harbormaster completed remote builds in B40644: Diff 228303.
Closed by commit rG01b10bc7b149: [Diagnostics] Teach -Wnull-dereference about address_space attribute (authored by xbolva00). · Explain WhyNov 7 2019, 1:47 PM
This revision was automatically updated to reflect the committed changes.
leonardchan added a subscriber: leonardchan.Nov 8 2019, 5:40 PM

Hi. I have a suspicion this patch is causing a segfault for us when building zircon: https://ci.chromium.org/p/fuchsia/builders/ci/fuchsia-x64-debug-clang/b8897388724384628544

I'm almost done with a bisect and will provide a reproducer if this is the case. Just raising awareness in the meantime.

leonardchan added a comment.Nov 8 2019, 5:59 PM

Yup, a bisect shows it was this patch that caused it. I filed a bug for tracking at https://bugs.llvm.org/show_bug.cgi?id=43950 and attached a reproducer. Could you look into this? Thanks.

clang/lib/Sema/SemaExpr.cpp
489

If I were to guess what would cause the segfault, I'd probably think it was the getPointeeType().getAddressSpace() in the event the type isn't actually a pointer.

Revision Contents

PathSize
clang/
lib/
Sema/
18 lines
test/
Sema/
3 lines

Diff 227286

clang/lib/Sema/SemaExpr.cpp

  • This file is larger than 256 KB, so syntax highlighting is disabled by default.
Show First 20 LinesShow All 477 Lines▼ Show 20 Lines
static void CheckForNullPointerDereference(Sema &S, Expr *E) { static void CheckForNullPointerDereference(Sema &S, Expr *E) {
// Check to see if we are dereferencing a null pointer. If so, // Check to see if we are dereferencing a null pointer. If so,
// and if not volatile-qualified, this is undefined behavior that the // and if not volatile-qualified, this is undefined behavior that the
// optimizer will delete, so warn about it. People sometimes try to use this // optimizer will delete, so warn about it. People sometimes try to use this
// to get a deterministic trap and are surprised by clang's behavior. This // to get a deterministic trap and are surprised by clang's behavior. This
// only handles the pattern "*null", which is a very syntactic check. // only handles the pattern "*null", which is a very syntactic check.
if (UnaryOperator *UO = dyn_cast<UnaryOperator>(E->IgnoreParenCasts())) if (UnaryOperator *UO = dyn_cast<UnaryOperator>(E->IgnoreParenCasts()))
if (UO->getOpcode() == UO_Deref && if (UO->getOpcode() == UO_Deref &&
UO->getSubExpr()->IgnoreParenCasts()-> !isTargetAddressSpace(
isNullPointerConstant(S.Context, Expr::NPC_ValueDependentIsNotNull) && UO->getSubExpr()->getType()->getPointeeType().getAddressSpace()) &&
UO->getSubExpr()->IgnoreParenCasts()->isNullPointerConstant(
S.Context, Expr::NPC_ValueDependentIsNotNull) &&
xbolva00AuthorUnsubmitted
Done
ReplyInline Actions

With this patch, we no longer warn for:

*(int attribute((address_space(0))) *) 0;

Worth to handle this case?

xbolva00: With this patch, we no longer warn for: *(int __attribute__((address_space(0))) *) 0; Worth…
aaron.ballmanUnsubmitted
Not Done
ReplyInline Actions

I mildly think it would be useful to warn in that case, but I'm fine with that being done later.

aaron.ballman: I mildly think it would be useful to warn in that case, but I'm fine with that being done later.
leonardchanUnsubmitted
Not Done
ReplyInline Actions

If I were to guess what would cause the segfault, I'd probably think it was the getPointeeType().getAddressSpace() in the event the type isn't actually a pointer.

leonardchan: If I were to guess what would cause the segfault, I'd probably think it was the `getPointeeType…
!UO->getType().isVolatileQualified()) { !UO->getType().isVolatileQualified()) {
S.DiagRuntimeBehavior(UO->getOperatorLoc(), UO, S.DiagRuntimeBehavior(UO->getOperatorLoc(), UO,
S.PDiag(diag::warn_indirection_through_null) S.PDiag(diag::warn_indirection_through_null)
<< UO->getSubExpr()->getSourceRange()); << UO->getSubExpr()->getSourceRange());
S.DiagRuntimeBehavior(UO->getOperatorLoc(), UO, S.DiagRuntimeBehavior(UO->getOperatorLoc(), UO,
S.PDiag(diag::note_indirection_through_null)); S.PDiag(diag::note_indirection_through_null));
} }
} }
static void DiagnoseDirectIsaAccess(Sema &S, const ObjCIvarRefExpr *OIRE, static void DiagnoseDirectIsaAccess(Sema &S, const ObjCIvarRefExpr *OIRE,
SourceLocation AssignLoc, SourceLocation AssignLoc,
const Expr* RHS) { const Expr* RHS) {
const ObjCIvarDecl *IV = OIRE->getDecl(); const ObjCIvarDecl *IV = OIRE->getDecl();
if (!IV) if (!IV)
return; return;
▲ Show 20 LinesShow All 17,517 LinesShow Last 20 Lines

clang/test/Sema/exprs.c

Show First 20 LinesShow All 173 Lines▼ Show 20 Linesvoid test18(int b) {
test18_a(); // expected-error {{too few arguments to function call, single argument 'a' was not specified}} test18_a(); // expected-error {{too few arguments to function call, single argument 'a' was not specified}}
test18_b(); // expected-error {{too few arguments to function call, expected 1, have 0}} test18_b(); // expected-error {{too few arguments to function call, expected 1, have 0}}
test18_c(b); // expected-error {{too few arguments to function call, expected 2, have 1}} test18_c(b); // expected-error {{too few arguments to function call, expected 2, have 1}}
test18_c(b, b, b); // expected-error {{too many arguments to function call, expected 2, have 3}} test18_c(b, b, b); // expected-error {{too many arguments to function call, expected 2, have 3}}
test18_d(); // expected-error {{too few arguments to function call, at least argument 'a' must be specified}} test18_d(); // expected-error {{too few arguments to function call, at least argument 'a' must be specified}}
test18_e(); // expected-error {{too few arguments to function call, expected at least 2, have 0}} test18_e(); // expected-error {{too few arguments to function call, expected at least 2, have 0}}
} }
typedef int __attribute__((address_space(256))) int_AS256;
// PR7569 // PR7569
void test19() { void test19() {
*(int*)0 = 0; // expected-warning {{indirection of non-volatile null pointer}} \ *(int*)0 = 0; // expected-warning {{indirection of non-volatile null pointer}} \
// expected-note {{consider using __builtin_trap}} // expected-note {{consider using __builtin_trap}}
*(volatile int*)0 = 0; // Ok. *(volatile int*)0 = 0; // Ok.
*(int __attribute__((address_space(256))) *)0 = 0; // Ok.
*(int_AS256*)0 = 0; // Ok.
aaron.ballmanUnsubmitted
Not Done
ReplyInline Actions

Can you add a test case for dereferencing for a read instead of a write, just to ensure we don't diagnose that case?

You may want to add the address_space(0) test case as well, with a FIXME that it should warn at some point.

aaron.ballman: Can you add a test case for dereferencing for a read instead of a write, just to ensure we…
// rdar://9269271 // rdar://9269271
int x = *(int*)0; // expected-warning {{indirection of non-volatile null pointer}} \ int x = *(int*)0; // expected-warning {{indirection of non-volatile null pointer}} \
// expected-note {{consider using __builtin_trap}} // expected-note {{consider using __builtin_trap}}
int x2 = *(volatile int*)0; // Ok. int x2 = *(volatile int*)0; // Ok.
int *p = &(*(int*)0); // Ok; int *p = &(*(int*)0); // Ok;
} }
int test20(int x) { int test20(int x) {
▲ Show 20 LinesShow All 59 LinesShow Last 20 Lines