This is an archive of the discontinued LLVM Phabricator instance.

Differential D76084

[Sema][SVE] Reject subscripts on pointers to sizeless types
ClosedPublic

Authored by rsandifo-arm on Mar 12 2020, 11:38 AM.

Details

Reviewers
sdesmalen
efriedma
rovka
rjmccall
Commits
rG010005f0774e: [Sema][SVE] Reject subscripts on pointers to sizeless types
Summary

clang currently accepts:

__SVInt8_t &foo1(__SVInt8_t *x) { return *x; }
__SVInt8_t &foo2(__SVInt8_t *x) { return x[1]; }

The first function is valid ACLE code and generates correct LLVM IR
(and assembly code). But the second function is invalid for the
same reason that arrays of sizeless types are. Trying to code-generate
the function leads to:

llvm/include/llvm/Support/TypeSize.h:126: uint64_t llvm::TypeSize::getFixedSize() const: Assertion `!IsScalable && "Request for a fixed size on a s

calable object"' failed.

This patch reports an appropriate diagnostic instead.

Diff Detail

Event Timeline

rsandifo-arm created this revision.Mar 12 2020, 11:38 AM
Herald added a project: Restricted Project. · View Herald TranscriptMar 12 2020, 11:38 AM
Herald added subscribers: cfe-commits, psnobl, rkruppe, tschuett. · View Herald Transcript
rsandifo-arm added a parent revision: D76082: [Sema][SVE] Reject arrays of sizeless types.Mar 12 2020, 11:39 AM
rsandifo-arm added a child revision: D76086: [Sema][SVE] Reject arithmetic on pointers to sizeless types.Mar 12 2020, 11:45 AM
Harbormaster completed remote builds in B49021: Diff 249996.Mar 12 2020, 11:58 AM
efriedma added a comment.Mar 12 2020, 12:24 PM

I'm not sure we actually want to reject this; let's discuss on the review for D76086, since subscripting is sort of a special case of arithmetic.

rsandifo-arm added a comment.Mar 16 2020, 2:03 AM
In D76084#1920103, @efriedma wrote:

I'm not sure we actually want to reject this; let's discuss on the review for D76086, since subscripting is sort of a special case of arithmetic.

A silly corner case for this is:

template<typename T>
constexpr __SIZE_TYPE__ f(T *x) { return &x[1] - x; }
typedef int arr1[f((int *)0) - 1];
typedef int arr2[f((__SVInt8_t *)0) - 1];

which gives:

a.cpp:2:48: warning: subtraction of pointers to type '__SVInt8_t' of zero size has undefined behavior [-Wpointer-arith]
constexpr __SIZE_TYPE__ f(T *x) { return &x[1] - x; }
                                         ~~~~~ ^ ~
a.cpp:4:18: note: in instantiation of function template specialization 'f<__SVInt8_t>' requested here
typedef int arr2[f((__SVInt8_t *)0) - 1];
                 ^
a.cpp:4:13: error: variable length array declaration not allowed at file scope
typedef int arr2[f((__SVInt8_t *)0) - 1];
            ^

No real code would do anything like this of course. But I think it shows that it's going to be difficult to divide cases that measure sizeof only during CodeGen from those that measure it during Sema. With more and more things being accepted as constexprs, I think it's safer to treat any measure of sizeof as being at least potentially computable at compile time.

There's also the argument that this is what the spec says. I realise that's a fairly weak argument though, since the spec could always be changed.

efriedma added a comment.Mar 16 2020, 11:28 AM

We already support sizeof expressions where the result can't be computed at compile-time. For example: int f(int n, int (*p)[n]) { return sizeof(*p); }. (For constant contexts specifically, see HandleSizeof() in ExprConstant.cpp.) I think any argument that it would be hard to extend that to cover sizeless types is pretty weak.

Of course, just because we can support it doesn't mean we should. As a matter of language design, we might want to discourage users from writing that sort of thing. It could be argued either way.

efriedma accepted this revision.Mar 16 2020, 11:28 AM

This patch LGTM, at least for now.

This revision is now accepted and ready to land.Mar 16 2020, 11:28 AM
Closed by commit rG010005f0774e: [Sema][SVE] Reject subscripts on pointers to sizeless types (authored by rsandifo-arm). · Explain WhyMar 17 2020, 4:27 AM
This revision was automatically updated to reflect the committed changes.

Revision Contents

PathSize
clang/
include/
clang/
Basic/
4 lines
lib/
Sema/
5 lines
test/
Sema/
4 lines
SemaCXX/
4 lines

Diff 250721

clang/include/clang/Basic/DiagnosticSemaKinds.td

  • This file is larger than 256 KB, so syntax highlighting is disabled by default.
Show First 20 LinesShow All 6,120 Lines▼ Show 20 Lines
def ext_subscript_non_lvalue : Extension< def ext_subscript_non_lvalue : Extension<
"ISO C90 does not allow subscripting non-lvalue array">; "ISO C90 does not allow subscripting non-lvalue array">;
def err_typecheck_subscript_value : Error< def err_typecheck_subscript_value : Error<
"subscripted value is not an array, pointer, or vector">; "subscripted value is not an array, pointer, or vector">;
def err_typecheck_subscript_not_integer : Error< def err_typecheck_subscript_not_integer : Error<
"array subscript is not an integer">; "array subscript is not an integer">;
def err_subscript_function_type : Error< def err_subscript_function_type : Error<
"subscript of pointer to function type %0">; "subscript of pointer to function type %0">;
def err_subscript_incomplete_type : Error< def err_subscript_incomplete_or_sizeless_type : Error<
"subscript of pointer to incomplete type %0">; "subscript of pointer to %select{incomplete|sizeless}0 type %1">;
def err_dereference_incomplete_type : Error< def err_dereference_incomplete_type : Error<
"dereference of pointer to incomplete type %0">; "dereference of pointer to incomplete type %0">;
def ext_gnu_subscript_void_type : Extension< def ext_gnu_subscript_void_type : Extension<
"subscript of a pointer to void is a GNU extension">, InGroup<PointerArith>; "subscript of a pointer to void is a GNU extension">, InGroup<PointerArith>;
def err_typecheck_member_reference_struct_union : Error< def err_typecheck_member_reference_struct_union : Error<
"member reference base type %0 is not a structure or union">; "member reference base type %0 is not a structure or union">;
def err_typecheck_member_reference_ivar : Error< def err_typecheck_member_reference_ivar : Error<
"%0 does not have a member named %1">; "%0 does not have a member named %1">;
▲ Show 20 LinesShow All 4,499 LinesShow Last 20 Lines

clang/lib/Sema/SemaExpr.cpp

  • This file is larger than 256 KB, so syntax highlighting is disabled by default.
Show First 20 LinesShow All 4,879 Lines▼ Show 20 Lines if (ResultType->isVoidType() && !getLangOpts().CPlusPlus) {
// GNU extension: subscripting on pointer to void // GNU extension: subscripting on pointer to void
Diag(LLoc, diag::ext_gnu_subscript_void_type) Diag(LLoc, diag::ext_gnu_subscript_void_type)
<< BaseExpr->getSourceRange(); << BaseExpr->getSourceRange();
// C forbids expressions of unqualified void type from being l-values. // C forbids expressions of unqualified void type from being l-values.
// See IsCForbiddenLValueType. // See IsCForbiddenLValueType.
if (!ResultType.hasQualifiers()) VK = VK_RValue; if (!ResultType.hasQualifiers()) VK = VK_RValue;
} else if (!ResultType->isDependentType() && } else if (!ResultType->isDependentType() &&
RequireCompleteType(LLoc, ResultType, RequireCompleteSizedType(
diag::err_subscript_incomplete_type, BaseExpr)) LLoc, ResultType,
diag::err_subscript_incomplete_or_sizeless_type, BaseExpr))
return ExprError(); return ExprError();
assert(VK == VK_RValue || LangOpts.CPlusPlus || assert(VK == VK_RValue || LangOpts.CPlusPlus ||
!ResultType.isCForbiddenLValueType()); !ResultType.isCForbiddenLValueType());
if (LHSExp->IgnoreParenImpCasts()->getType()->isVariablyModifiedType() && if (LHSExp->IgnoreParenImpCasts()->getType()->isVariablyModifiedType() &&
FunctionScopes.size() > 1) { FunctionScopes.size() > 1) {
if (auto *TT = if (auto *TT =
▲ Show 20 LinesShow All 13,529 LinesShow Last 20 Lines

clang/test/Sema/sizeless-1.c

Show First 20 LinesShow All 136 Lines▼ Show 20 Linesvoid func(int sel) {
dump(&volatile_int8); dump(&volatile_int8);
dump(&const_volatile_int8); dump(&const_volatile_int8);
*&local_int8 = local_int8; *&local_int8 = local_int8;
*&const_int8 = local_int8; // expected-error {{read-only variable is not assignable}} *&const_int8 = local_int8; // expected-error {{read-only variable is not assignable}}
*&volatile_int8 = local_int8; *&volatile_int8 = local_int8;
*&const_volatile_int8 = local_int8; // expected-error {{read-only variable is not assignable}} *&const_volatile_int8 = local_int8; // expected-error {{read-only variable is not assignable}}
global_int8_ptr[0] = local_int8; // expected-error {{subscript of pointer to sizeless type 'svint8_t'}}
global_int8_ptr[1] = local_int8; // expected-error {{subscript of pointer to sizeless type 'svint8_t'}}
global_int8_ptr = &global_int8_ptr[2]; // expected-error {{subscript of pointer to sizeless type 'svint8_t'}}
overf(local_int8); overf(local_int8);
overf(local_int16); overf(local_int16);
overf8(local_int8); overf8(local_int8);
overf8(local_int16); // expected-error {{no matching function}} overf8(local_int16); // expected-error {{no matching function}}
overf16(local_int8); // expected-error {{no matching function}} overf16(local_int8); // expected-error {{no matching function}}
overf16(local_int16); overf16(local_int16);
▲ Show 20 LinesShow All 110 LinesShow Last 20 Lines

clang/test/SemaCXX/sizeless-1.cpp

Show First 20 LinesShow All 157 Lines▼ Show 20 Lines#endif
dump(&volatile_int8); dump(&volatile_int8);
dump(&const_volatile_int8); dump(&const_volatile_int8);
*&local_int8 = local_int8; *&local_int8 = local_int8;
*&const_int8 = local_int8; // expected-error {{read-only variable is not assignable}} *&const_int8 = local_int8; // expected-error {{read-only variable is not assignable}}
*&volatile_int8 = local_int8; *&volatile_int8 = local_int8;
*&const_volatile_int8 = local_int8; // expected-error {{read-only variable is not assignable}} *&const_volatile_int8 = local_int8; // expected-error {{read-only variable is not assignable}}
global_int8_ptr[0] = local_int8; // expected-error {{subscript of pointer to sizeless type 'svint8_t'}}
global_int8_ptr[1] = local_int8; // expected-error {{subscript of pointer to sizeless type 'svint8_t'}}
global_int8_ptr = &global_int8_ptr[2]; // expected-error {{subscript of pointer to sizeless type 'svint8_t'}}
overf(local_int8); overf(local_int8);
overf(local_int16); overf(local_int16);
overf8(local_int8); overf8(local_int8);
overf8(local_int16); // expected-error {{no matching function}} overf8(local_int16); // expected-error {{no matching function}}
overf16(local_int8); // expected-error {{no matching function}} overf16(local_int8); // expected-error {{no matching function}}
overf16(local_int16); overf16(local_int16);
▲ Show 20 LinesShow All 369 LinesShow Last 20 Lines