This is an archive of the discontinued LLVM Phabricator instance.

Differential D84272

Add checks for ValueObjectSP in Cocoa summary providers
ClosedPublic

Authored by shafik on Jul 21 2020, 3:21 PM.

Details

Reviewers
jingham
davide
teemperor
Commits
rG6700f4b9fe63: [LLDB] Add checks for ValueObjectSP in Cocoa summary providers
Summary

We saw a crash recently (rdar://problem/65276489) that looks related to we had good ValueObjectSP for some in Cocoa.cpp e.g. NSBundleSummaryProvider(...) summary providers. This adds checks before we use them when calling NSStringSummaryProvider.

Diff Detail

Event Timeline

shafik created this revision.Jul 21 2020, 3:21 PM
jingham added a comment.Jul 21 2020, 3:36 PM

The !text test is correct, since you intend to pass *text in as a ValueObject &. But I wouldn't add the GetValueAsUnsigned check, that seems confusing. The NSStringSummaryProvider is returning a bool to tell you whether it succeeded or not, so it seems odd to pre-judge one of it's error states.

shafik added a comment.Jul 22 2020, 4:00 PM

I was testing out how NSStringSummaryProvider deals w/ NULL using NSString *foo = nullptr and we filter out NULL values in ValueObjectPrinter::GetValueSummaryError(...) :

if (IsNil())
      summary.assign("nil");

That should mean that the text->GetValueAsUnsigned(0) == 0 is not necessary.

shafik updated this revision to Diff 279965.Jul 22 2020, 4:25 PM

Removing text->GetValueAsUnsigned(0) == 0 check.

davide requested changes to this revision.Jul 22 2020, 4:33 PM
davide added a subscriber: davide.

why? Do you have a testcase?

This revision now requires changes to proceed.Jul 22 2020, 4:33 PM
shafik added a comment.Jul 22 2020, 8:35 PM
In D84272#2168172, @davide wrote:

why? Do you have a testcase?

There are already tests but we have a crash report w/o a reproducer, these are obviously correct checks.

teemperor added a subscriber: teemperor.Jul 23 2020, 2:58 AM

I think Davide's point is that it's not clear what motivated this change and why this doesn't have a regression test. I'm also a bit confused by the description ("We saw a crash recently that looks related to we had good ValueObjectSP for some Cocoa summary providers."). If there isn't a way to test it, then maybe a sentence about why and some background information would be helpful (backtrace and radar numbers are usually fine).

Anyway, from what I can understand in the context is that we saw crashes that looks like we accessed a ValueObject nullptr from these function. And I think this change itself is fine as that's apparently how GetSyntheticChildAtOffset communicates errors.

I'm just a bit lost how we can get into this code path and I assume that's also the reason why there is no test. valobj appears to be valid, otherwise we wouldn't have gotten so far into this function. So GetSyntheticChildAtOffset returns a nullptr in this situation only if either the CompilerType we pass in is invalid or we can't complete the decl behind it. But the type we pass in is BasicTypeObjCID and I can't see a situation where we could end up not figuring out the size of plain id (the decl behind that is to my knowledge a builtin decl).

shafik edited the summary of this revision. (Show Details)Jul 23 2020, 10:10 AM
shafik added a comment.Jul 23 2020, 10:17 AM

I updated to include the radar number.

So we have a crash in NSStringSummaryProvider(...) when calling valobj.GetProcessSP() and we have what looks like a nullptr e.g. 0x0000000000000068

In this specific case we are coming from NSBundleSummaryProvider(...) and so we have some situation where text is not valid but we don't have enough information to reproduce it.

We are doing a very similar check in NSURLSummaryProvider(...) and so this is just a defensive check in the rest of the function to mirror that one.

teemperor accepted this revision.Jul 24 2020, 2:27 PM

I'm still not sure how this can happen or how this could be tested, but this patch seems reasonable. Also it seems we usually do nullptr checks on GetSyntheticChildAtOffset results, so at least it would be consistent if we do it here too. So LGTM.

The patch description is a bit confusing so maybe clarify that before landing (I'm not sure what "that looks related to we had good ValueObjectSP for some Cocoa summary providers" means).

shafik edited the summary of this revision. (Show Details)Jul 29 2020, 1:26 PM
This revision was not accepted when it landed; it landed in state Needs Revision.Jul 29 2020, 2:47 PM
Closed by commit rG6700f4b9fe63: [LLDB] Add checks for ValueObjectSP in Cocoa summary providers (authored by shafik). · Explain Why
This revision was automatically updated to reflect the committed changes.
shafik added a commit: rG6700f4b9fe63: [LLDB] Add checks for ValueObjectSP in Cocoa summary providers.
Herald added a project: Restricted Project. · View Herald TranscriptJul 29 2020, 2:47 PM

Revision Contents

PathSize
lldb/
source/
Plugins/
Language/
ObjC/
11 lines

Diff 281743

lldb/source/Plugins/Language/ObjC/Cocoa.cpp

Show First 20 LinesShow All 66 Lines▼ Show 20 Linesbool lldb_private::formatters::NSBundleSummaryProvider(
if (class_name == "NSBundle") { if (class_name == "NSBundle") {
uint64_t offset = 5 * ptr_size; uint64_t offset = 5 * ptr_size;
ValueObjectSP text(valobj.GetSyntheticChildAtOffset( ValueObjectSP text(valobj.GetSyntheticChildAtOffset(
offset, offset,
valobj.GetCompilerType().GetBasicTypeFromAST(lldb::eBasicTypeObjCID), valobj.GetCompilerType().GetBasicTypeFromAST(lldb::eBasicTypeObjCID),
true)); true));
if (!text)
return false;
StreamString summary_stream; StreamString summary_stream;
bool was_nsstring_ok = bool was_nsstring_ok =
NSStringSummaryProvider(*text, summary_stream, options); NSStringSummaryProvider(*text, summary_stream, options);
if (was_nsstring_ok && summary_stream.GetSize() > 0) { if (was_nsstring_ok && summary_stream.GetSize() > 0) {
stream.Printf("%s", summary_stream.GetData()); stream.Printf("%s", summary_stream.GetData());
return true; return true;
} }
} }
Show All 29 Linesbool lldb_private::formatters::NSTimeZoneSummaryProvider(
if (class_name.empty()) if (class_name.empty())
return false; return false;
if (class_name == "__NSTimeZone") { if (class_name == "__NSTimeZone") {
uint64_t offset = ptr_size; uint64_t offset = ptr_size;
ValueObjectSP text(valobj.GetSyntheticChildAtOffset( ValueObjectSP text(valobj.GetSyntheticChildAtOffset(
offset, valobj.GetCompilerType(), true)); offset, valobj.GetCompilerType(), true));
if (!text)
return false;
StreamString summary_stream; StreamString summary_stream;
bool was_nsstring_ok = bool was_nsstring_ok =
NSStringSummaryProvider(*text, summary_stream, options); NSStringSummaryProvider(*text, summary_stream, options);
if (was_nsstring_ok && summary_stream.GetSize() > 0) { if (was_nsstring_ok && summary_stream.GetSize() > 0) {
stream.Printf("%s", summary_stream.GetData()); stream.Printf("%s", summary_stream.GetData());
return true; return true;
} }
} }
Show All 29 Linesbool lldb_private::formatters::NSNotificationSummaryProvider(
if (class_name.empty()) if (class_name.empty())
return false; return false;
if (class_name == "NSConcreteNotification") { if (class_name == "NSConcreteNotification") {
uint64_t offset = ptr_size; uint64_t offset = ptr_size;
ValueObjectSP text(valobj.GetSyntheticChildAtOffset( ValueObjectSP text(valobj.GetSyntheticChildAtOffset(
offset, valobj.GetCompilerType(), true)); offset, valobj.GetCompilerType(), true));
if (!text)
return false;
StreamString summary_stream; StreamString summary_stream;
bool was_nsstring_ok = bool was_nsstring_ok =
NSStringSummaryProvider(*text, summary_stream, options); NSStringSummaryProvider(*text, summary_stream, options);
if (was_nsstring_ok && summary_stream.GetSize() > 0) { if (was_nsstring_ok && summary_stream.GetSize() > 0) {
stream.Printf("%s", summary_stream.GetData()); stream.Printf("%s", summary_stream.GetData());
return true; return true;
} }
} }
▲ Show 20 LinesShow All 969 LinesShow Last 20 Lines