This is an archive of the discontinued LLVM Phabricator instance.

Differential D83502

Change behavior with zero-sized static array extents
ClosedPublic

Authored by aaron.ballman on Jul 9 2020, 1:00 PM.

Details

Reviewers
rsmith
echristo
dblaikie
rjmccall
Summary

Currently, Clang diagnoses this code by default: void f(int a[static 0]); saying that "static has no effect on zero-length arrays" and this diagnostic is accurate for our implementation.

However, static array extents require that the caller of the function pass a nonnull pointer to an array of *at least* that number of elements, but it can pass more (see C17 6.7.6.3p6). Given that we allow zero-sized arrays as a GNU extension and that it's valid to pass more elements than specified by the static array extent, I think we should support zero-sized static array extents with the usual semantics because it can be useful, as pointed out to me on Twitter (https://twitter.com/rep_stosq_void/status/1280892279998291973):

void my_bzero(char p[static 0], int n);
my_bzero(&c+1, 0); //ok
my_bzero(t+k,n-k); //ok, pattern from actual code

Diff Detail

Event Timeline

aaron.ballman created this revision.Jul 9 2020, 1:00 PM
rjmccall added inline comments.Jul 9 2020, 2:12 PM
clang/lib/CodeGen/CGCall.cpp
2521

Isn't the old logic still correct? If the element size is static and the element count is positive, the argument is dereferenceable out to their product; otherwise it's nonnull if null is the zero value and we aren't semantically allowing that to be a valid pointer.

aaron.ballman marked an inline comment as done.Jul 10 2020, 4:04 AM
aaron.ballman added inline comments.
clang/lib/CodeGen/CGCall.cpp
2521

I was questioning this -- I didn't think the old logic was correct because it checks that the array is in address space 0, but the nonnull-ness should apply regardless of address space (I think). The point about valid null pointers still stands, though. Am I misunderstanding the intended address space behavior?

rjmccall added inline comments.Jul 10 2020, 10:22 AM
clang/lib/CodeGen/CGCall.cpp
2521

I believe LLVM's nonnull actually always means nonzero. static just tells us that the address is valid, so (1) we always have to suppress the attribute under NullPointerIsValid and (2) we have the suppress the attribute if the null address is nonzero, because the zero address could still be valid in that case. The way the existing code is implementing the latter seems excessively conservative about non-standard address spaces, since we might know that they still use a zero null pointer; more importantly, it seems wrong in the face of an address space that lowers to LLVM's address space 0 but doesn't use a zero null pointer. You can call getTargetInfo().getNullPointerValue(ETy.getAddressSpace()) == 0 to answer this more correctly.

aaron.ballman updated this revision to Diff 277120.Jul 10 2020, 12:18 PM
aaron.ballman marked an inline comment as done.

Updated based on review feedback.

clang/lib/CodeGen/CGCall.cpp
2521

Ah, I see! Thank you for the explanation -- I wasn't aware that null could be a valid address in other address spaces, but that makes sense.

rjmccall accepted this revision.Jul 10 2020, 12:47 PM

Thanks, LGTM.

clang/lib/CodeGen/CGCall.cpp
2521

(the zero representation, not null)

This revision is now accepted and ready to land.Jul 10 2020, 12:47 PM
aaron.ballman closed this revision.Jul 10 2020, 12:59 PM
aaron.ballman marked an inline comment as done.

Thanks for the review, I've gone ahead and committed in 006c49d890da633d1ce502117fc2a49863cd65b7

clang/lib/CodeGen/CGCall.cpp
2521

Agreed -- sorry for being imprecise when it mattered.

Revision Contents

PathSize
clang/
include/
clang/
Basic/
3 lines
lib/
CodeGen/
6 lines
Sema/
7 lines
test/
CodeGen/
4 lines
Sema/
7 lines

Diff 277120

clang/include/clang/Basic/DiagnosticSemaKinds.td

  • This file is larger than 256 KB, so syntax highlighting is disabled by default.
Show First 20 LinesShow All 5,389 Lines▼ Show 20 Lines
def err_typecheck_invalid_restrict_not_pointer_noarg : Error< def err_typecheck_invalid_restrict_not_pointer_noarg : Error<
"restrict requires a pointer or reference">; "restrict requires a pointer or reference">;
def err_typecheck_invalid_restrict_invalid_pointee : Error< def err_typecheck_invalid_restrict_invalid_pointee : Error<
"pointer to function type %0 may not be 'restrict' qualified">; "pointer to function type %0 may not be 'restrict' qualified">;
def ext_typecheck_zero_array_size : Extension< def ext_typecheck_zero_array_size : Extension<
"zero size arrays are an extension">, InGroup<ZeroLengthArray>; "zero size arrays are an extension">, InGroup<ZeroLengthArray>;
def err_typecheck_zero_array_size : Error< def err_typecheck_zero_array_size : Error<
"zero-length arrays are not permitted in C++">; "zero-length arrays are not permitted in C++">;
def warn_typecheck_zero_static_array_size : Warning<
"'static' has no effect on zero-length arrays">,
InGroup<ArrayBounds>;
def err_array_size_non_int : Error<"size of array has non-integer type %0">; def err_array_size_non_int : Error<"size of array has non-integer type %0">;
def err_init_element_not_constant : Error< def err_init_element_not_constant : Error<
"initializer element is not a compile-time constant">; "initializer element is not a compile-time constant">;
def ext_aggregate_init_not_constant : Extension< def ext_aggregate_init_not_constant : Extension<
"initializer for aggregate is not a compile-time constant">, InGroup<C99>; "initializer for aggregate is not a compile-time constant">, InGroup<C99>;
def err_local_cant_init : Error< def err_local_cant_init : Error<
"'__local' variable cannot have an initializer">; "'__local' variable cannot have an initializer">;
def err_loader_uninitialized_cant_init def err_loader_uninitialized_cant_init
▲ Show 20 LinesShow All 5,456 LinesShow Last 20 Lines

clang/lib/CodeGen/CGCall.cpp

Show First 20 LinesShow All 2,498 Lines▼ Show 20 Lines case ABIArgInfo::Direct: {
// bytes). // bytes).
if (ArrTy->getSizeModifier() == ArrayType::Static) { if (ArrTy->getSizeModifier() == ArrayType::Static) {
QualType ETy = ArrTy->getElementType(); QualType ETy = ArrTy->getElementType();
uint64_t ArrSize = ArrTy->getSize().getZExtValue(); uint64_t ArrSize = ArrTy->getSize().getZExtValue();
if (!ETy->isIncompleteType() && ETy->isConstantSizeType() && if (!ETy->isIncompleteType() && ETy->isConstantSizeType() &&
ArrSize) { ArrSize) {
llvm::AttrBuilder Attrs; llvm::AttrBuilder Attrs;
Attrs.addDereferenceableAttr( Attrs.addDereferenceableAttr(
getContext().getTypeSizeInChars(ETy).getQuantity()*ArrSize); getContext().getTypeSizeInChars(ETy).getQuantity() *
ArrSize);
AI->addAttrs(Attrs); AI->addAttrs(Attrs);
} else if (getContext().getTargetAddressSpace(ETy) == 0 && } else if (getContext().getTargetInfo().getNullPointerValue(
ETy.getAddressSpace()) == 0 &&
!CGM.getCodeGenOpts().NullPointerIsValid) { !CGM.getCodeGenOpts().NullPointerIsValid) {
AI->addAttr(llvm::Attribute::NonNull); AI->addAttr(llvm::Attribute::NonNull);
} }
} }
} else if (const auto *ArrTy = } else if (const auto *ArrTy =
getContext().getAsVariableArrayType(OTy)) { getContext().getAsVariableArrayType(OTy)) {
// For C99 VLAs with the static keyword, we don't know the size so // For C99 VLAs with the static keyword, we don't know the size so
// we can't use the dereferenceable attribute, but in addrspace(0) // we can't use the dereferenceable attribute, but in addrspace(0)
// we know that it must be nonnull. // we know that it must be nonnull.
if (ArrTy->getSizeModifier() == VariableArrayType::Static && if (ArrTy->getSizeModifier() == VariableArrayType::Static &&
rjmccallUnsubmitted
Not Done
ReplyInline Actions

Isn't the old logic still correct? If the element size is static and the element count is positive, the argument is dereferenceable out to their product; otherwise it's nonnull if null is the zero value and we aren't semantically allowing that to be a valid pointer.

rjmccall: Isn't the old logic still correct? If the element size is static and the element count is…
aaron.ballmanAuthorUnsubmitted
Done
ReplyInline Actions

I was questioning this -- I didn't think the old logic was correct because it checks that the array is in address space 0, but the nonnull-ness should apply regardless of address space (I think). The point about valid null pointers still stands, though. Am I misunderstanding the intended address space behavior?

aaron.ballman: I was questioning this -- I didn't think the old logic was correct because it checks that the…
rjmccallUnsubmitted
Not Done
ReplyInline Actions

I believe LLVM's nonnull actually always means nonzero. static just tells us that the address is valid, so (1) we always have to suppress the attribute under NullPointerIsValid and (2) we have the suppress the attribute if the null address is nonzero, because the zero address could still be valid in that case. The way the existing code is implementing the latter seems excessively conservative about non-standard address spaces, since we might know that they still use a zero null pointer; more importantly, it seems wrong in the face of an address space that lowers to LLVM's address space 0 but doesn't use a zero null pointer. You can call getTargetInfo().getNullPointerValue(ETy.getAddressSpace()) == 0 to answer this more correctly.

rjmccall: I believe LLVM's `nonnull` actually always means nonzero. `static` just tells us that the…
aaron.ballmanAuthorUnsubmitted
Done
ReplyInline Actions

Ah, I see! Thank you for the explanation -- I wasn't aware that null could be a valid address in other address spaces, but that makes sense.

aaron.ballman: Ah, I see! Thank you for the explanation -- I wasn't aware that null could be a valid address…
rjmccallUnsubmitted
Not Done
ReplyInline Actions

(the zero representation, not null)

rjmccall: (the zero representation, not null)
aaron.ballmanAuthorUnsubmitted
Done
ReplyInline Actions

Agreed -- sorry for being imprecise when it mattered.

aaron.ballman: Agreed -- sorry for being imprecise when it mattered.
!getContext().getTargetAddressSpace(ArrTy->getElementType()) && !getContext().getTargetAddressSpace(ArrTy->getElementType()) &&
!CGM.getCodeGenOpts().NullPointerIsValid) !CGM.getCodeGenOpts().NullPointerIsValid)
AI->addAttr(llvm::Attribute::NonNull); AI->addAttr(llvm::Attribute::NonNull);
} }
// Set `align` attribute if any. // Set `align` attribute if any.
const auto *AVAttr = PVD->getAttr<AlignValueAttr>(); const auto *AVAttr = PVD->getAttr<AlignValueAttr>();
if (!AVAttr) if (!AVAttr)
▲ Show 20 LinesShow All 2,600 LinesShow Last 20 Lines

clang/lib/Sema/SemaType.cpp

  • This file is larger than 256 KB, so syntax highlighting is disabled by default.
Show First 20 LinesShow All 2,387 Lines▼ Show 20 Lines if (!ArraySize) {
} }
if (ConstVal == 0) { if (ConstVal == 0) {
// GCC accepts zero sized static arrays. We allow them when // GCC accepts zero sized static arrays. We allow them when
// we're not in a SFINAE context. // we're not in a SFINAE context.
Diag(ArraySize->getBeginLoc(), isSFINAEContext() Diag(ArraySize->getBeginLoc(), isSFINAEContext()
? diag::err_typecheck_zero_array_size ? diag::err_typecheck_zero_array_size
: diag::ext_typecheck_zero_array_size) : diag::ext_typecheck_zero_array_size)
<< ArraySize->getSourceRange(); << ArraySize->getSourceRange();
if (ASM == ArrayType::Static) {
Diag(ArraySize->getBeginLoc(),
diag::warn_typecheck_zero_static_array_size)
<< ArraySize->getSourceRange();
ASM = ArrayType::Normal;
}
} else if (!T->isDependentType() && !T->isVariablyModifiedType() && } else if (!T->isDependentType() && !T->isVariablyModifiedType() &&
!T->isIncompleteType() && !T->isUndeducedType()) { !T->isIncompleteType() && !T->isUndeducedType()) {
// Is the array too large? // Is the array too large?
unsigned ActiveSizeBits unsigned ActiveSizeBits
= ConstantArrayType::getNumAddressingBits(Context, T, ConstVal); = ConstantArrayType::getNumAddressingBits(Context, T, ConstVal);
if (ActiveSizeBits > ConstantArrayType::getMaxSizeBits(Context)) { if (ActiveSizeBits > ConstantArrayType::getMaxSizeBits(Context)) {
Diag(ArraySize->getBeginLoc(), diag::err_array_too_large) Diag(ArraySize->getBeginLoc(), diag::err_array_too_large)
<< ConstVal.toString(10) << ArraySize->getSourceRange(); << ConstVal.toString(10) << ArraySize->getSourceRange();
▲ Show 20 LinesShow All 6,497 LinesShow Last 20 Lines

clang/test/CodeGen/vla.c

Show First 20 LinesShow All 200 Lines▼ Show 20 Lines
// provided. // provided.
void test8(int a[static 3]) { } void test8(int a[static 3]) { }
// CHECK: define void @test8(i32* dereferenceable(12) %a) // CHECK: define void @test8(i32* dereferenceable(12) %a)
void test9(int n, int a[static n]) { } void test9(int n, int a[static n]) { }
// NULL-INVALID: define void @test9(i32 %n, i32* nonnull %a) // NULL-INVALID: define void @test9(i32 %n, i32* nonnull %a)
// NULL-VALID: define void @test9(i32 %n, i32* %a) // NULL-VALID: define void @test9(i32 %n, i32* %a)
// Make sure a zero-sized static array extent is still required to be nonnull.
void test10(int a[static 0]) {}
// NULL-INVALID: define void @test10(i32* nonnull %a)
// NULL-VALID: define void @test10(i32* %a)

clang/test/Sema/static-array.c

// RUN: %clang_cc1 -triple x86_64-apple-macosx10.14.0 -fsyntax-only -fblocks -verify %s // RUN: %clang_cc1 -triple x86_64-apple-macosx10.14.0 -fsyntax-only -fblocks -pedantic -verify %s
void cat0(int a[static 0]) {} // expected-warning {{'static' has no effect on zero-length arrays}} void cat0(int a[static 0]) {} // expected-warning {{zero size arrays are an extension}} \
// expected-note {{callee declares array parameter as static here}}
void cat(int a[static 3]) {} // expected-note 4 {{callee declares array parameter as static here}} expected-note 2 {{passing argument to parameter 'a' here}} void cat(int a[static 3]) {} // expected-note 4 {{callee declares array parameter as static here}} expected-note 2 {{passing argument to parameter 'a' here}}
void vat(int i, int a[static i]) {} // expected-note {{callee declares array parameter as static here}} void vat(int i, int a[static i]) {} // expected-note {{callee declares array parameter as static here}}
void f(int *p) { void f(int *p) {
int a[2], b[3], c[4]; int a[2], b[3], c[4];
cat0(0); cat0(0); // expected-warning {{null passed to a callee that requires a non-null argument}}
cat(0); // expected-warning {{null passed to a callee that requires a non-null argument}} cat(0); // expected-warning {{null passed to a callee that requires a non-null argument}}
cat(a); // expected-warning {{array argument is too small; contains 2 elements, callee requires at least 3}} cat(a); // expected-warning {{array argument is too small; contains 2 elements, callee requires at least 3}}
cat(b); cat(b);
cat(c); cat(c);
cat(p); cat(p);
vat(1, 0); // expected-warning {{null passed to a callee that requires a non-null argument}} vat(1, 0); // expected-warning {{null passed to a callee that requires a non-null argument}}
▲ Show 20 LinesShow All 45 LinesShow Last 20 Lines