This is an archive of the discontinued LLVM Phabricator instance.

Diagnose if a SLEB128 is too large to fit in an int64_t.
ClosedPublic

Authored by rsmith on Jan 26 2021, 11:52 PM.

Download Raw Diff

Details

Reviewers

dblaikie
aardappel

Commits

rG32e98f05fe10: Diagnose if a SLEB128 is too large to fit in an int64_t.

Summary

Previously we'd hit UB due to an invalid left shift operand.

Also fix the WASM emitter to properly use SLEB128 encoding instead of
ULEB128 encoding for signed fields so that negative numbers don't
result in overly-large values that we can't read back any more.

In passing, don't diagnose a non-canonical ULEB128 that fits in a uint64_t but
has redundant trailing zero bytes.

Diff Detail

Repository: rG LLVM Github Monorepo

Event Timeline

rsmith created this revision.Jan 26 2021, 11:52 PM

Herald added subscribers: dexonsmith, sunfish, hiraditya, sbc100. · View Herald TranscriptJan 26 2021, 11:52 PM

rsmith requested review of this revision.Jan 26 2021, 11:52 PM

Herald added a project: Restricted Project. · View Herald TranscriptJan 26 2021, 11:52 PM

Herald added a subscriber: aheejin. · View Herald Transcript

Harbormaster completed remote builds in B86807: Diff 319478.Jan 27 2021, 12:31 AM

Looks good - thanks!

This revision is now accepted and ready to land.Jan 27 2021, 11:20 AM

sbc100 added inline comments.Jan 27 2021, 11:33 AM

llvm/lib/ObjectYAML/WasmEmitter.cpp
585	I'm not sure about this part. The addend is currently defined to be the same data type regardless of the encoding of the relocation itself. The addend is the value is added to the to the value before writing to relocation location. The encoding used when writing to the relocation address (LEB vs SLEB vs I32, etc) I think is independent of this. See the definition of addend in https://github.com/WebAssembly/tool-conventions/blob/master/Linking.md
585	Regardless of the discussion here it might make sense to split out this wasm-specific part of the change.

sbc100 added inline comments.Jan 27 2021, 11:36 AM

llvm/lib/ObjectYAML/WasmEmitter.cpp
585	It looks like perhaps the correct fix it to use encodeSLEB128 universally here.

Always use SLEB for Wasm reloc addeds.

Harbormaster completed remote builds in B86939: Diff 319730.Jan 27 2021, 7:03 PM

aardappel accepted this revision.Jan 28 2021, 12:21 PM

This revision was landed with ongoing or failed builds.Feb 2 2021, 2:33 PM

Closed by commit rG32e98f05fe10: Diagnose if a SLEB128 is too large to fit in an int64_t. (authored by rsmith). · Explain Why

This revision was automatically updated to reflect the committed changes.

rsmith added a commit: rG32e98f05fe10: Diagnose if a SLEB128 is too large to fit in an int64_t..

I think this conveniently solves the TODO that I had in my in-review patch here: https://reviews.llvm.org/D78797
Thanks!

Revision Contents

Path

Size

llvm/

include/

llvm/

Support/

LEB128.h

18 lines

lib/

ObjectYAML/

WasmEmitter.cpp

3 lines

unittests/

Support/

LEB128Test.cpp

62 lines

Diff 320910

llvm/include/llvm/Support/LEB128.h

Show First 20 Lines • Show All 136 Lines • ▼ Show 20 Lines	do {
if (p == end) {		if (p == end) {
if (error)		if (error)
*error = "malformed uleb128, extends past end";		*error = "malformed uleb128, extends past end";
if (n)		if (n)
*n = (unsigned)(p - orig_p);		*n = (unsigned)(p - orig_p);
return 0;		return 0;
}		}
uint64_t Slice = *p & 0x7f;		uint64_t Slice = *p & 0x7f;
if (Shift >= 64 \|\| Slice << Shift >> Shift != Slice) {		if ((Shift >= 64 && Slice != 0) \|\| Slice << Shift >> Shift != Slice) {
if (error)		if (error)
*error = "uleb128 too big for uint64";		*error = "uleb128 too big for uint64";
if (n)		if (n)
*n = (unsigned)(p - orig_p);		*n = (unsigned)(p - orig_p);
return 0;		return 0;
}		}
Value += uint64_t(*p & 0x7f) << Shift;		Value += Slice << Shift;
Shift += 7;		Shift += 7;
} while (*p++ >= 128);		} while (*p++ >= 128);
if (n)		if (n)
*n = (unsigned)(p - orig_p);		*n = (unsigned)(p - orig_p);
return Value;		return Value;
}		}

/// Utility function to decode a SLEB128 value.		/// Utility function to decode a SLEB128 value.
Show All 9 Lines	inline int64_t decodeSLEB128(const uint8_t p, unsigned n = nullptr,
do {		do {
if (p == end) {		if (p == end) {
if (error)		if (error)
*error = "malformed sleb128, extends past end";		*error = "malformed sleb128, extends past end";
if (n)		if (n)
*n = (unsigned)(p - orig_p);		*n = (unsigned)(p - orig_p);
return 0;		return 0;
}		}
Byte = *p++;		Byte = *p;
Value \|= (uint64_t(Byte & 0x7f) << Shift);		int64_t Slice = Byte & 0x7f;
		if ((Shift >= 64 && Slice != (Value < 0 ? 0x7f : 0x00)) \|\|
		(Shift == 63 && Slice != 0 && Slice != 0x7f)) {
		if (error)
		*error = "sleb128 too big for int64";
		if (n)
		*n = (unsigned)(p - orig_p);
		return 0;
		}
		Value \|= Slice << Shift;
Shift += 7;		Shift += 7;
		++p;
} while (Byte >= 128);		} while (Byte >= 128);
// Sign extend negative numbers if needed.		// Sign extend negative numbers if needed.
if (Shift < 64 && (Byte & 0x40))		if (Shift < 64 && (Byte & 0x40))
Value \|= (-1ULL) << Shift;		Value \|= (-1ULL) << Shift;
if (n)		if (n)
*n = (unsigned)(p - orig_p);		*n = (unsigned)(p - orig_p);
return Value;		return Value;
}		}
Show All 10 Lines

llvm/lib/ObjectYAML/WasmEmitter.cpp

Show First 20 Lines • Show All 569 Lines • ▼ Show 20 Lines	for (auto Reloc : Sec.Relocations) {
case wasm::R_WASM_MEMORY_ADDR_LEB64:		case wasm::R_WASM_MEMORY_ADDR_LEB64:
case wasm::R_WASM_MEMORY_ADDR_SLEB:		case wasm::R_WASM_MEMORY_ADDR_SLEB:
case wasm::R_WASM_MEMORY_ADDR_SLEB64:		case wasm::R_WASM_MEMORY_ADDR_SLEB64:
case wasm::R_WASM_MEMORY_ADDR_I32:		case wasm::R_WASM_MEMORY_ADDR_I32:
case wasm::R_WASM_MEMORY_ADDR_I64:		case wasm::R_WASM_MEMORY_ADDR_I64:
case wasm::R_WASM_FUNCTION_OFFSET_I32:		case wasm::R_WASM_FUNCTION_OFFSET_I32:
case wasm::R_WASM_FUNCTION_OFFSET_I64:		case wasm::R_WASM_FUNCTION_OFFSET_I64:
case wasm::R_WASM_SECTION_OFFSET_I32:		case wasm::R_WASM_SECTION_OFFSET_I32:
encodeULEB128(Reloc.Addend, OS);		encodeSLEB128(Reloc.Addend, OS);
		break;
}		}
}		}
}		}

bool WasmWriter::writeWasm(raw_ostream &OS) {		bool WasmWriter::writeWasm(raw_ostream &OS) {
// Write headers		// Write headers
		sbc100Unsubmitted Not Done Reply Inline Actions I'm not sure about this part. The addend is currently defined to be the same data type regardless of the encoding of the relocation itself. The addend is the value is added to the to the value before writing to relocation location. The encoding used when writing to the relocation address (LEB vs SLEB vs I32, etc) I think is independent of this. See the definition of addend in https://github.com/WebAssembly/tool-conventions/blob/master/Linking.md sbc100: I'm not sure about this part. The addend is currently defined to be the same data type…
		sbc100Unsubmitted Not Done Reply Inline Actions Regardless of the discussion here it might make sense to split out this wasm-specific part of the change. sbc100: Regardless of the discussion here it might make sense to split out this wasm-specific part of…
		sbc100Unsubmitted Not Done Reply Inline Actions It looks like perhaps the correct fix it to use encodeSLEB128 universally here. sbc100: It looks like perhaps the correct fix it to use encodeSLEB128 universally here.
OS.write(wasm::WasmMagic, sizeof(wasm::WasmMagic));		OS.write(wasm::WasmMagic, sizeof(wasm::WasmMagic));
writeUint32(OS, Obj.Header.Version);		writeUint32(OS, Obj.Header.Version);

// Write each section		// Write each section
llvm::object::WasmSectionOrderChecker Checker;		llvm::object::WasmSectionOrderChecker Checker;
for (const std::unique_ptr<WasmYAML::Section> &Sec : Obj.Sections) {		for (const std::unique_ptr<WasmYAML::Section> &Sec : Obj.Sections) {
StringRef SecName = "";		StringRef SecName = "";
if (auto S = dyn_cast<WasmYAML::CustomSection>(Sec.get()))		if (auto S = dyn_cast<WasmYAML::CustomSection>(Sec.get()))
▲ Show 20 Lines • Show All 80 Lines • Show Last 20 Lines

llvm/unittests/Support/LEB128Test.cpp

Show First 20 Lines • Show All 131 Lines • ▼ Show 20 Lines	#define EXPECT_DECODE_ULEB128_EQ(EXPECTED, VALUE) \

// Decode ULEB128 with extra padding bytes		// Decode ULEB128 with extra padding bytes
EXPECT_DECODE_ULEB128_EQ(0u, "\x80\x00");		EXPECT_DECODE_ULEB128_EQ(0u, "\x80\x00");
EXPECT_DECODE_ULEB128_EQ(0u, "\x80\x80\x00");		EXPECT_DECODE_ULEB128_EQ(0u, "\x80\x80\x00");
EXPECT_DECODE_ULEB128_EQ(0x7fu, "\xff\x00");		EXPECT_DECODE_ULEB128_EQ(0x7fu, "\xff\x00");
EXPECT_DECODE_ULEB128_EQ(0x7fu, "\xff\x80\x00");		EXPECT_DECODE_ULEB128_EQ(0x7fu, "\xff\x80\x00");
EXPECT_DECODE_ULEB128_EQ(0x80u, "\x80\x81\x00");		EXPECT_DECODE_ULEB128_EQ(0x80u, "\x80\x81\x00");
EXPECT_DECODE_ULEB128_EQ(0x80u, "\x80\x81\x80\x00");		EXPECT_DECODE_ULEB128_EQ(0x80u, "\x80\x81\x80\x00");
		EXPECT_DECODE_ULEB128_EQ(0x80u, "\x80\x81\x80\x80\x80\x80\x80\x80\x80\x00");
		EXPECT_DECODE_ULEB128_EQ(0x80000000'00000000ul,
		"\x80\x80\x80\x80\x80\x80\x80\x80\x80\x01");

#undef EXPECT_DECODE_ULEB128_EQ		#undef EXPECT_DECODE_ULEB128_EQ
}		}

		TEST(LEB128Test, DecodeInvalidULEB128) {
		#define EXPECT_INVALID_ULEB128(VALUE, ERROR_OFFSET) \
		do { \
		const uint8_t Value = reinterpret_cast<const uint8_t >(VALUE); \
		const char *Error = nullptr; \
		unsigned ErrorOffset = 0; \
		uint64_t Actual = \
		decodeULEB128(Value, &ErrorOffset, Value + strlen(VALUE), &Error); \
		EXPECT_NE(Error, nullptr); \
		EXPECT_EQ(0ul, Actual); \
		EXPECT_EQ(ERROR_OFFSET, ErrorOffset); \
		} while (0)

		// Buffer overflow.
		EXPECT_INVALID_ULEB128("", 0u);
		EXPECT_INVALID_ULEB128("\x80", 1u);

		// Does not fit in 64 bits.
		EXPECT_INVALID_ULEB128("\x80\x80\x80\x80\x80\x80\x80\x80\x80\x02", 9u);
		EXPECT_INVALID_ULEB128("\x80\x80\x80\x80\x80\x80\x80\x80\x80\x80\x02", 10u);

		#undef EXPECT_INVALID_ULEB128
		}

TEST(LEB128Test, DecodeSLEB128) {		TEST(LEB128Test, DecodeSLEB128) {
#define EXPECT_DECODE_SLEB128_EQ(EXPECTED, VALUE) \		#define EXPECT_DECODE_SLEB128_EQ(EXPECTED, VALUE) \
do { \		do { \
unsigned ActualSize = 0; \		unsigned ActualSize = 0; \
int64_t Actual = decodeSLEB128(reinterpret_cast<const uint8_t *>(VALUE), \		int64_t Actual = decodeSLEB128(reinterpret_cast<const uint8_t *>(VALUE), \
&ActualSize); \		&ActualSize); \
EXPECT_EQ(sizeof(VALUE) - 1, ActualSize); \		EXPECT_EQ(sizeof(VALUE) - 1, ActualSize); \
EXPECT_EQ(EXPECTED, Actual); \		EXPECT_EQ(EXPECTED, Actual); \
Show All 19 Lines	#define EXPECT_DECODE_SLEB128_EQ(EXPECTED, VALUE) \

// Decode unnormalized SLEB128 with extra padding bytes.		// Decode unnormalized SLEB128 with extra padding bytes.
EXPECT_DECODE_SLEB128_EQ(0L, "\x80\x00");		EXPECT_DECODE_SLEB128_EQ(0L, "\x80\x00");
EXPECT_DECODE_SLEB128_EQ(0L, "\x80\x80\x00");		EXPECT_DECODE_SLEB128_EQ(0L, "\x80\x80\x00");
EXPECT_DECODE_SLEB128_EQ(0x7fL, "\xff\x00");		EXPECT_DECODE_SLEB128_EQ(0x7fL, "\xff\x00");
EXPECT_DECODE_SLEB128_EQ(0x7fL, "\xff\x80\x00");		EXPECT_DECODE_SLEB128_EQ(0x7fL, "\xff\x80\x00");
EXPECT_DECODE_SLEB128_EQ(0x80L, "\x80\x81\x00");		EXPECT_DECODE_SLEB128_EQ(0x80L, "\x80\x81\x00");
EXPECT_DECODE_SLEB128_EQ(0x80L, "\x80\x81\x80\x00");		EXPECT_DECODE_SLEB128_EQ(0x80L, "\x80\x81\x80\x00");
		EXPECT_DECODE_SLEB128_EQ(0x80L, "\x80\x81\x80\x80\x80\x80\x80\x80\x80\x00");
		EXPECT_DECODE_SLEB128_EQ(-2L, "\xFE\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\x7F");
		EXPECT_DECODE_SLEB128_EQ(INT64_MIN,
		"\x80\x80\x80\x80\x80\x80\x80\x80\x80\x7F");
		EXPECT_DECODE_SLEB128_EQ(INT64_MAX,
		"\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\x00");

#undef EXPECT_DECODE_SLEB128_EQ		#undef EXPECT_DECODE_SLEB128_EQ
}		}

		TEST(LEB128Test, DecodeInvalidSLEB128) {
		#define EXPECT_INVALID_SLEB128(VALUE, ERROR_OFFSET) \
		do { \
		const uint8_t Value = reinterpret_cast<const uint8_t >(VALUE); \
		const char *Error = nullptr; \
		unsigned ErrorOffset = 0; \
		uint64_t Actual = \
		decodeSLEB128(Value, &ErrorOffset, Value + strlen(VALUE), &Error); \
		EXPECT_NE(Error, nullptr); \
		EXPECT_EQ(0ul, Actual); \
		EXPECT_EQ(ERROR_OFFSET, ErrorOffset); \
		} while (0)

		// Buffer overflow.
		EXPECT_INVALID_SLEB128("", 0u);
		EXPECT_INVALID_SLEB128("\x80", 1u);

		// Does not fit in 64 bits.
		EXPECT_INVALID_SLEB128("\x80\x80\x80\x80\x80\x80\x80\x80\x80\x01", 9u);
		EXPECT_INVALID_SLEB128("\x80\x80\x80\x80\x80\x80\x80\x80\x80\x7E", 9u);
		EXPECT_INVALID_SLEB128("\x80\x80\x80\x80\x80\x80\x80\x80\x80\x80\x02", 10u);
		EXPECT_INVALID_SLEB128("\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\x7E", 9u);
		EXPECT_INVALID_SLEB128("\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\x01", 9u);
		EXPECT_INVALID_SLEB128("\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\x7E", 10u);
		EXPECT_INVALID_SLEB128("\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\x00", 10u);

		#undef EXPECT_INVALID_SLEB128
		}

TEST(LEB128Test, SLEB128Size) {		TEST(LEB128Test, SLEB128Size) {
// Positive Value Testing Plan:		// Positive Value Testing Plan:
// (1) 128 ^ n - 1 ........ need (n+1) bytes		// (1) 128 ^ n - 1 ........ need (n+1) bytes
// (2) 128 ^ n ............ need (n+1) bytes		// (2) 128 ^ n ............ need (n+1) bytes
// (3) 128 ^ n * 63 ....... need (n+1) bytes		// (3) 128 ^ n * 63 ....... need (n+1) bytes
// (4) 128 ^ n * 64 - 1 ... need (n+1) bytes		// (4) 128 ^ n * 64 - 1 ... need (n+1) bytes
// (5) 128 ^ n * 64 ....... need (n+2) bytes		// (5) 128 ^ n * 64 ....... need (n+2) bytes

▲ Show 20 Lines • Show All 183 Lines • Show Last 20 Lines