Download Raw Diff

Details

Reviewers

jyknight
nickdesaulniers
hfinkel

Commits

rG72aa619a7fe0: Warn of uninitialized variables on asm goto's indirect branch

Summary

Outputs from an asm goto block cannot be used on the indirect branch.
It's not supported and may result in invalid code generation.

Diff Detail

Repository: rG LLVM Github Monorepo

Event Timeline

void created this revision.Dec 10 2019, 4:17 PM

Herald added a project: Restricted Project. · View Herald TranscriptDec 10 2019, 4:17 PM

Herald added a subscriber: cfe-commits. · View Herald Transcript

void added a parent revision: D69876: Support output constraints on "asm goto".Dec 10 2019, 4:18 PM

Harbormaster completed remote builds in B42255: Diff 233221.Dec 10 2019, 4:18 PM

nickdesaulniers added inline comments.Dec 12 2019, 10:27 AM

clang/lib/Analysis/UninitializedValues.cpp
590	Is this more concise with `llvm::any_of`?
789	Should we mark the vals `MayUninitialized` here, rather than below? Then I think we can remove the `isAsmGoto` check you added in `getUninitUse`?
clang/test/Analysis/uninit-asm-goto.cpp
16	I wonder if it's straight forward to make this a "maybe uninitialized" warning, instead of "is uninitialized?" Consider the inline asm: asm volatile goto("ja %l1; mov %0, 42" : "=r"(foo) ::: bar); Since we can't introspect the inline asm, we're not sure whether `foo` gets initialized by the asm or not (as the asm could transfer control flow back to the C label before any assignments to the output). Telling the user it's definitely uninitialized is technically correct in this case, but definitely incorrect for: asm volatile goto("mov %0, 42; ja %l1;" : "=r"(foo) ::: bar);
38	Are we able to catch backwards branches from `asm goto`? (if so, would you mind please added that as an additional unit test). int foo; goto 1; 2: return foo; // should warn? 1: asm goto ("": "=r"(foo):::2); return foo;

Use "any_of" and improve tests.

clang/test/Analysis/uninit-asm-goto.cpp
16	The back end doesn't know how to generate code for a use in the indirect branches. It's really complicated and may result in code that doesn't actually work. I don't want to give off the impression that the code may work in these cases, because it would be essentially working by accident.
38	Yes, we should be able to warn about this. I added a testcase.

Harbormaster completed remote builds in B42444: Diff 233738.Dec 12 2019, 11:19 PM

strange, the below test isn't warning for me with this patch applied:

$ clang -O2 foo.c -c
$ cat foo.c
int quux(void) {
  int y;
  asm volatile goto("ja %l1" : "=r"(y) ::: err);
  return y;
err:
  return y;
}

In D71314#1788797, @nickdesaulniers wrote:
strange, the below test isn't warning for me with this patch applied:
$ clang -O2 foo.c -c
$ cat foo.c
int quux(void) {
  int y;
  asm volatile goto("ja %l1" : "=r"(y) ::: err);
  return y;
err:
  return y;
}

Use -Wuninitialized.

Check that the use isn't in the fallthrough block.

Harbormaster completed remote builds in B42773: Diff 234657.Dec 18 2019, 8:58 PM

Use -Wuninitialized.

D'oh!

clang/lib/Analysis/UninitializedValues.cpp
789	Bumping comment.
clang/test/Analysis/uninit-asm-goto.cpp
57	I think if you left out `indirect`, it would be clearer what this test is testing.

nickdesaulniers added inline comments.Dec 19 2019, 10:13 AM

clang/lib/Analysis/UninitializedValues.cpp
789	Ah, I see this was added in https://reviews.llvm.org/D69876.

nickdesaulniers added inline comments.Jan 6 2020, 9:31 AM

clang/lib/Analysis/UninitializedValues.cpp
798	Can you walk me through the logic of this function? I would assume for changes to `asm goto`, the above early `return` would have been removed? Otherwise we seem to be changing the logic of the non-`asm goto` case?
clang/test/Analysis/uninit-asm-goto.cpp
57	bump

Use "auto" and change labels to clarify test.

Herald added a subscriber: martong. · View Herald TranscriptFeb 15 2020, 2:14 PM

void marked 2 inline comments as done.Feb 15 2020, 2:15 PM

Variable can't be 'const'

void marked an inline comment as done.Feb 24 2020, 7:03 PM

void added inline comments.

clang/lib/Analysis/UninitializedValues.cpp
798	Sure. If the variable hasn't been initialized by the time it gets to the asm goto, then we mark it as "potentially uninitialized" so that it's caught on the indirect branch. Uses on the default/fallthrough path should resolve to "initialized". I'll add a comment.

Explain what's going on in VisitGCCAsmStmt better.

Harbormaster completed remote builds in B47181: Diff 246363.Feb 24 2020, 7:10 PM

Rebasing.

Friendly ping. :-)

nickdesaulniers accepted this revision.Mar 10 2020, 9:17 AM

This revision is now accepted and ready to land.Mar 10 2020, 9:17 AM

Closed by commit rG72aa619a7fe0: Warn of uninitialized variables on asm goto's indirect branch (authored by void). · Explain WhyMar 10 2020, 2:15 PM

This revision was automatically updated to reflect the committed changes.

nickdesaulniers mentioned this in D116059: [Clang][CFG] check children statements of asm goto.Dec 20 2021, 4:23 PM

Diff 249499

clang/lib/Analysis/UninitializedValues.cpp

Show First 20 Lines • Show All 570 Lines • ▼ Show 20 Lines	while (!Queue.empty()) {
// from a block that initializes the variable. We can't guarantee to		// from a block that initializes the variable. We can't guarantee to
// give an earlier location for the diagnostic (and it appears that		// give an earlier location for the diagnostic (and it appears that
// this code is intended to be reachable) so give a diagnostic here		// this code is intended to be reachable) so give a diagnostic here
// and go no further down this path.		// and go no further down this path.
Use.setUninitAfterDecl();		Use.setUninitAfterDecl();
continue;		continue;
}		}

		if (AtPredExit == MayUninitialized) {
		// If the predecessor's terminator is an "asm goto" that initializes
		// the variable, then it won't be counted as "initialized" on the
		// non-fallthrough paths.
		CFGTerminator term = Pred->getTerminator();
		if (const auto *as = dyn_cast_or_null<GCCAsmStmt>(term.getStmt())) {
		const CFGBlock fallthrough = Pred->succ_begin();
		if (as->isAsmGoto() &&
		llvm::any_of(as->outputs(), [&](const Expr *output) {
		return vd == findVar(output).getDecl() &&
		llvm::any_of(as->labels(),
		[&](const AddrLabelExpr *label) {
		nickdesaulniersUnsubmitted Done Reply Inline Actions Is this more concise with `llvm::any_of`? nickdesaulniers: Is this more concise with `llvm::any_of`?
		return label->getLabel()->getStmt() == B->Label &&
		B != fallthrough;
		});
		})) {
		Use.setUninitAfterDecl();
		continue;
		}
		}
		}

unsigned &SV = SuccsVisited[Pred->getBlockID()];		unsigned &SV = SuccsVisited[Pred->getBlockID()];
if (!SV) {		if (!SV) {
// When visiting the first successor of a block, mark all NULL		// When visiting the first successor of a block, mark all NULL
// successors as having been visited.		// successors as having been visited.
for (CFGBlock::const_succ_iterator SI = Pred->succ_begin(),		for (CFGBlock::const_succ_iterator SI = Pred->succ_begin(),
SE = Pred->succ_end();		SE = Pred->succ_end();
SI != SE; ++SI)		SI != SE; ++SI)
if (!*SI)		if (!*SI)
▲ Show 20 Lines • Show All 172 Lines • ▼ Show 20 Lines	if (VD && isTrackedVar(VD)) {
}		}
}		}
}		}
}		}

void TransferFunctions::VisitGCCAsmStmt(GCCAsmStmt *as) {		void TransferFunctions::VisitGCCAsmStmt(GCCAsmStmt *as) {
// An "asm goto" statement is a terminator that may initialize some variables.		// An "asm goto" statement is a terminator that may initialize some variables.
if (!as->isAsmGoto())		if (!as->isAsmGoto())
return;		return;
		nickdesaulniersUnsubmitted Not Done Reply Inline Actions Should we mark the vals `MayUninitialized` here, rather than below? Then I think we can remove the `isAsmGoto` check you added in `getUninitUse`? nickdesaulniers: Should we mark the vals `MayUninitialized` here, rather than below? Then I think we can remove…
		nickdesaulniersUnsubmitted Not Done Reply Inline Actions Bumping comment. nickdesaulniers: Bumping comment.
		nickdesaulniersUnsubmitted Not Done Reply Inline Actions Ah, I see this was added in https://reviews.llvm.org/D69876. nickdesaulniers: Ah, I see this was added in https://reviews.llvm.org/D69876.

for (const Expr *o : as->outputs())		for (const Expr *o : as->outputs())
if (const VarDecl *VD = findVar(o).getDecl())		if (const VarDecl *VD = findVar(o).getDecl())
vals[VD] = Initialized;		if (vals[VD] != Initialized)
		// If the variable isn't initialized by the time we get here, then we
		// mark it as potentially uninitialized for those cases where it's used
		// on an indirect path, where it's not guaranteed to be defined.
		vals[VD] = MayUninitialized;
}		}
		nickdesaulniersUnsubmitted Not Done Reply Inline Actions Can you walk me through the logic of this function? I would assume for changes to `asm goto`, the above early `return` would have been removed? Otherwise we seem to be changing the logic of the non-`asm goto` case? nickdesaulniers: Can you walk me through the logic of this function? I would assume for changes to `asm goto`…
		voidAuthorUnsubmitted Done Reply Inline Actions Sure. If the variable hasn't been initialized by the time it gets to the asm goto, then we mark it as "potentially uninitialized" so that it's caught on the indirect branch. Uses on the default/fallthrough path should resolve to "initialized". I'll add a comment. void: Sure. If the variable hasn't been initialized by the time it gets to the asm goto, then we mark…

void TransferFunctions::VisitObjCMessageExpr(ObjCMessageExpr *ME) {		void TransferFunctions::VisitObjCMessageExpr(ObjCMessageExpr *ME) {
// If the Objective-C message expression is an implicit no-return that		// If the Objective-C message expression is an implicit no-return that
// is not modeled in the CFG, set the tracked dataflow values to Unknown.		// is not modeled in the CFG, set the tracked dataflow values to Unknown.
if (objCNoRet.isImplicitNoReturn(ME)) {		if (objCNoRet.isImplicitNoReturn(ME)) {
vals.setAllScratchValues(Unknown);		vals.setAllScratchValues(Unknown);
}		}
}		}
Show All 23 Lines	static bool runOnBlock(const CFGBlock *block, const CFG &cfg,
}		}
// Apply the transfer function.		// Apply the transfer function.
TransferFunctions tf(vals, cfg, block, ac, classification, handler);		TransferFunctions tf(vals, cfg, block, ac, classification, handler);
for (const auto &I : *block) {		for (const auto &I : *block) {
if (Optional<CFGStmt> cs = I.getAs<CFGStmt>())		if (Optional<CFGStmt> cs = I.getAs<CFGStmt>())
tf.Visit(const_cast<Stmt *>(cs->getStmt()));		tf.Visit(const_cast<Stmt *>(cs->getStmt()));
}		}
CFGTerminator terminator = block->getTerminator();		CFGTerminator terminator = block->getTerminator();
if (GCCAsmStmt *as = dyn_cast_or_null<GCCAsmStmt>(terminator.getStmt()))		if (auto *as = dyn_cast_or_null<GCCAsmStmt>(terminator.getStmt()))
if (as->isAsmGoto())		if (as->isAsmGoto())
tf.Visit(as);		tf.Visit(as);
return vals.updateValueVectorWithScratch(block);		return vals.updateValueVectorWithScratch(block);
}		}

namespace {		namespace {

/// PruneBlocksHandler is a special UninitVariablesHandler that is used		/// PruneBlocksHandler is a special UninitVariablesHandler that is used
▲ Show 20 Lines • Show All 91 Lines • Show Last 20 Lines

clang/test/Analysis/uninit-asm-goto.cpp

	// RUN: %clang_cc1 -std=c++11 -Wuninitialized -verify %s			// RUN: %clang_cc1 -std=c++11 -Wuninitialized -verify %s
	// expected-no-diagnostics

				// test1: Expect no diagnostics
	int test1(int x) {			int test1(int x) {
	int y;			int y;
	asm goto("nop" : "=r"(y) : "r"(x) : : err);			asm goto("nop" : "=r"(y) : "r"(x) : : err);
	return y;			return y;
	err:			err:
	return -1;			return -1;
	}			}

				int test2(int x) {
				int y; // expected-warning {{variable 'y' is used uninitialized whenever its declaration is reached}} \
				// expected-note {{initialize the variable}}
				if (x < 42)
				asm volatile goto("testl %0, %0; testl %1, %2; jne %l3" : "+S"(x), "+D"(y) : "r"(x) :: indirect_1, indirect_2);
				nickdesaulniersUnsubmitted Not Done Reply Inline Actions I wonder if it's straight forward to make this a "maybe uninitialized" warning, instead of "is uninitialized?" Consider the inline asm: asm volatile goto("ja %l1; mov %0, 42" : "=r"(foo) ::: bar); Since we can't introspect the inline asm, we're not sure whether `foo` gets initialized by the asm or not (as the asm could transfer control flow back to the C label before any assignments to the output). Telling the user it's definitely uninitialized is technically correct in this case, but definitely incorrect for: asm volatile goto("mov %0, 42; ja %l1;" : "=r"(foo) ::: bar); nickdesaulniers: I wonder if it's straight forward to make this a "maybe uninitialized" warning, instead of "is…
				voidAuthorUnsubmitted Done Reply Inline Actions The back end doesn't know how to generate code for a use in the indirect branches. It's really complicated and may result in code that doesn't actually work. I don't want to give off the impression that the code may work in these cases, because it would be essentially working by accident. void: The back end doesn't know how to generate code for a use in the indirect branches. It's really…
				else
				asm volatile goto("testl %0, %1; testl %2, %3; jne %l5" : "+S"(x), "+D"(y) : "r"(x), "r"(y) :: indirect_1, indirect_2);
				return x + y;
				indirect_1:
				return -42;
				indirect_2:
				return y; // expected-note {{uninitialized use occurs here}}
				}

				int test3(int x) {
				int y; // expected-warning {{variable 'y' is used uninitialized whenever its declaration is reached}} \
				// expected-note {{initialize the variable}}
				asm goto("xorl %1, %0; jmp %l2" : "=&r"(y) : "r"(x) : : fail);
				normal:
				y += x;
				return y;
				if (x) {
				fail:
				return y; // expected-note {{uninitialized use occurs here}}
				}
				return 0;
				}
				nickdesaulniersUnsubmitted Not Done Reply Inline Actions Are we able to catch backwards branches from `asm goto`? (if so, would you mind please added that as an additional unit test). int foo; goto 1; 2: return foo; // should warn? 1: asm goto ("": "=r"(foo):::2); return foo; nickdesaulniers: Are we able to catch backwards branches from `asm goto`? (if so, would you mind please added…
				voidAuthorUnsubmitted Done Reply Inline Actions Yes, we should be able to warn about this. I added a testcase. void: Yes, we should be able to warn about this. I added a testcase.

				int test4(int x) {
				int y; // expected-warning {{variable 'y' is used uninitialized whenever its declaration is reached}} \
				// expected-note {{initialize the variable}}
				goto forward;
				backward:
				return y; // expected-note {{uninitialized use occurs here}}
				forward:
				asm goto("# %0 %1 %2" : "=r"(y) : "r"(x) : : backward);
				return y;
				}

				// test5: Expect no diagnostics
				int test5(int x) {
				int y;
				asm volatile goto("testl %0, %0; testl %1, %2; jne %l3" : "+S"(x), "+D"(y) : "r"(x) :: indirect, fallthrough);
				fallthrough:
				return y;
				indirect:
				nickdesaulniersUnsubmitted Done Reply Inline Actions I think if you left out `indirect`, it would be clearer what this test is testing. nickdesaulniers: I think if you left out `indirect`, it would be clearer what this test is testing.
				nickdesaulniersUnsubmitted Done Reply Inline Actions bump nickdesaulniers: bump
				return -2;
				}

This is an archive of the discontinued LLVM Phabricator instance.

Warn of uninitialized variables on asm goto's indirect branch
ClosedPublic

Details

Diff Detail

Event Timeline

Revision Contents

Diff 249499

clang/lib/Analysis/UninitializedValues.cpp

clang/test/Analysis/uninit-asm-goto.cpp

This is an archive of the discontinued LLVM Phabricator instance.

Warn of uninitialized variables on asm goto's indirect branchClosedPublic

Details

Diff Detail

Event Timeline

Revision Contents

Diff 249499

clang/lib/Analysis/UninitializedValues.cpp

clang/test/Analysis/uninit-asm-goto.cpp

Warn of uninitialized variables on asm goto's indirect branch
ClosedPublic