This is an archive of the discontinued LLVM Phabricator instance.

Differential D97606

[Clang interpreter] Avoid storing pointers at unaligned locations
ClosedPublic

Authored by jrtc27 on Feb 26 2021, 7:27 PM.

Details

Reviewers
nand
jfb
Bigcheese
rsmith
dexonsmith
Commits
rG40080e7e7f42: [Clang interpreter] Avoid storing pointers at unaligned locations
Summary

The Clang interpreter's bytecode uses a packed stream of bytes
representation, but also wants to have some opcodes take pointers as
arguments, which are currently embedded in the bytecode directly.

However, CHERI, and thus Arm's upcoming experimental Morello prototype,
provide spatial memory safety for C/C++ by implementing language-level
(and sub-language-level) pointers as capabilities, which track bounds,
permissions and validity in hardware. This uses tagged memory with a
single tag bit at every capability-aligned address, and so storing
pointers to unaligned addresses results in the tag being stripped,
leading to a tag fault when the pointer is ultimately dereferenced at a
later point.

In order to support a stricter C/C++ implementation like CHERI, we no
longer store pointers directly in the bytecode, instead storing them in
a table and embedding the index in the bytecode.

Diff Detail

Unit TestsFailed

TimeTest
50 msx64 debian > Flang.Semantics::resolve102.f90
110 msx64 windows > Clang.CodeGenCXX::attr-retain.cpp

Event Timeline

jrtc27 created this revision.Feb 26 2021, 7:27 PM
Herald added subscribers: kristof.beyls, arichardson. · View Herald TranscriptFeb 26 2021, 7:27 PM
jrtc27 requested review of this revision.Feb 26 2021, 7:27 PM
Herald added a project: Restricted Project. · View Herald TranscriptFeb 26 2021, 7:27 PM
Herald added a subscriber: cfe-commits. · View Herald Transcript
jrtc27 updated this revision to Diff 326872.Feb 26 2021, 7:30 PM

Reworked code slightly to make it look nicer after clang-format uglified it

jrtc27 mentioned this in D64146: [Clang Interpreter] Initial patch for the constexpr interpreter.Feb 26 2021, 7:34 PM

Is there any way I can usefully test this? As far as I can tell there's only a single constexpr test in the tree that uses the new interpreter, and it's pretty trivial?

Harbormaster completed remote builds in B91165: Diff 326871.Feb 26 2021, 11:32 PM
Harbormaster completed remote builds in B91166: Diff 326872.Feb 26 2021, 11:53 PM
nand added a comment.Mar 3 2021, 12:45 AM

The patches implementing more features/control flow constructs have not yet been committed, so if the pre-existing test passes, the functionality should be fine. Adjustments can be made later on when those patches are rebased.

clang/lib/AST/Interp/Program.h
51

This works for now, but in the future we might want to have a unique integer - pointer mapping for all types that need to be stored in the bytecode.

nand accepted this revision.Mar 3 2021, 12:46 AM
This revision is now accepted and ready to land.Mar 3 2021, 12:46 AM
This revision was landed with ongoing or failed builds.Jul 28 2021, 8:04 AM
Closed by commit rG40080e7e7f42: [Clang interpreter] Avoid storing pointers at unaligned locations (authored by jrtc27). · Explain Why
This revision was automatically updated to reflect the committed changes.
jrtc27 added a commit: rG40080e7e7f42: [Clang interpreter] Avoid storing pointers at unaligned locations.

Revision Contents

PathSize
clang/
lib/
AST/
Interp/
44 lines
13 lines
22 lines
11 lines
15 lines
21 lines
utils/
TableGen/
8 lines

Diff 326872

clang/lib/AST/Interp/ByteCodeEmitter.cpp

//===--- ByteCodeEmitter.cpp - Instruction emitter for the VM ---*- C++ -*-===// //===--- ByteCodeEmitter.cpp - Instruction emitter for the VM ---*- C++ -*-===//
// //
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// See https://llvm.org/LICENSE.txt for license information. // See https://llvm.org/LICENSE.txt for license information.
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
// //
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
#include "ByteCodeEmitter.h" #include "ByteCodeEmitter.h"
#include "Context.h" #include "Context.h"
#include "Opcode.h" #include "Opcode.h"
#include "Program.h" #include "Program.h"
#include "clang/AST/DeclCXX.h" #include "clang/AST/DeclCXX.h"
#include <type_traits>
using namespace clang; using namespace clang;
using namespace clang::interp; using namespace clang::interp;
using APSInt = llvm::APSInt; using APSInt = llvm::APSInt;
using Error = llvm::Error; using Error = llvm::Error;
Expected<Function *> ByteCodeEmitter::compileFunc(const FunctionDecl *F) { Expected<Function *> ByteCodeEmitter::compileFunc(const FunctionDecl *F) {
▲ Show 20 LinesShow All 95 Lines▼ Show 20 Lines
} }
bool ByteCodeEmitter::bail(const SourceLocation &Loc) { bool ByteCodeEmitter::bail(const SourceLocation &Loc) {
if (!BailLocation) if (!BailLocation)
BailLocation = Loc; BailLocation = Loc;
return false; return false;
} }
template <typename... Tys>
bool ByteCodeEmitter::emitOp(Opcode Op, const Tys &... Args, const SourceInfo &SI) {
bool Success = true;
/// Helper to write bytecode and bail out if 32-bit offsets become invalid. /// Helper to write bytecode and bail out if 32-bit offsets become invalid.
auto emit = [this, &Success](const char *Data, size_t Size) { /// Pointers will be automatically marshalled as 32-bit IDs.
template <typename T>
static std::enable_if_t<!std::is_pointer<T>::value, void>
emit(Program &P, std::vector<char> &Code, const T &Val, bool &Success) {
size_t Size = sizeof(Val);
if (Code.size() + Size > std::numeric_limits<unsigned>::max()) {
Success = false;
return;
}
const char *Data = reinterpret_cast<const char *>(&Val);
Code.insert(Code.end(), Data, Data + Size);
}
template <typename T>
static std::enable_if_t<std::is_pointer<T>::value, void>
emit(Program &P, std::vector<char> &Code, const T &Val, bool &Success) {
size_t Size = sizeof(uint32_t);
if (Code.size() + Size > std::numeric_limits<unsigned>::max()) { if (Code.size() + Size > std::numeric_limits<unsigned>::max()) {
Success = false; Success = false;
return; return;
} }
uint32_t ID = P.getOrCreateNativePointer(Val);
const char *Data = reinterpret_cast<const char *>(&ID);
Code.insert(Code.end(), Data, Data + Size); Code.insert(Code.end(), Data, Data + Size);
}; }
template <typename... Tys>
bool ByteCodeEmitter::emitOp(Opcode Op, const Tys &... Args, const SourceInfo &SI) {
bool Success = true;
/// The opcode is followed by arguments. The source info is /// The opcode is followed by arguments. The source info is
/// attached to the address after the opcode. /// attached to the address after the opcode.
emit(reinterpret_cast<const char *>(&Op), sizeof(Opcode)); emit(P, Code, Op, Success);
if (SI) if (SI)
SrcMap.emplace_back(Code.size(), SI); SrcMap.emplace_back(Code.size(), SI);
/// The initializer list forces the expression to be evaluated /// The initializer list forces the expression to be evaluated
/// for each argument in the variadic template, in order. /// for each argument in the variadic template, in order.
(void)std::initializer_list<int>{ (void)std::initializer_list<int>{(emit(P, Code, Args, Success), 0)...};
(emit(reinterpret_cast<const char *>(&Args), sizeof(Args)), 0)...};
return Success; return Success;
} }
bool ByteCodeEmitter::jumpTrue(const LabelTy &Label) { bool ByteCodeEmitter::jumpTrue(const LabelTy &Label) {
return emitJt(getOffset(Label), SourceInfo{}); return emitJt(getOffset(Label), SourceInfo{});
} }
Show All 20 Lines

clang/lib/AST/Interp/Disasm.cpp

Show All 15 Lines
#include "Program.h" #include "Program.h"
#include "clang/AST/DeclCXX.h" #include "clang/AST/DeclCXX.h"
#include "llvm/Support/Compiler.h" #include "llvm/Support/Compiler.h"
#include "llvm/Support/Format.h" #include "llvm/Support/Format.h"
using namespace clang; using namespace clang;
using namespace clang::interp; using namespace clang::interp;
template <typename T>
inline std::enable_if_t<!std::is_pointer<T>::value, T> ReadArg(Program &P,
CodePtr OpPC) {
return OpPC.read<T>();
}
template <typename T>
inline std::enable_if_t<std::is_pointer<T>::value, T> ReadArg(Program &P,
CodePtr OpPC) {
uint32_t ID = OpPC.read<uint32_t>();
return reinterpret_cast<T>(P.getNativePointer(ID));
}
LLVM_DUMP_METHOD void Function::dump() const { dump(llvm::errs()); } LLVM_DUMP_METHOD void Function::dump() const { dump(llvm::errs()); }
LLVM_DUMP_METHOD void Function::dump(llvm::raw_ostream &OS) const { LLVM_DUMP_METHOD void Function::dump(llvm::raw_ostream &OS) const {
if (F) { if (F) {
if (auto *Cons = dyn_cast<CXXConstructorDecl>(F)) { if (auto *Cons = dyn_cast<CXXConstructorDecl>(F)) {
DeclarationName Name = Cons->getParent()->getDeclName(); DeclarationName Name = Cons->getParent()->getDeclName();
OS << Name << "::" << Name << ":\n"; OS << Name << "::" << Name << ":\n";
} else { } else {
Show All 39 Lines

clang/lib/AST/Interp/Interp.h

//===--- Interp.h - Interpreter for the constexpr VM ------------*- C++ -*-===// //===--- Interp.h - Interpreter for the constexpr VM ------------*- C++ -*-===//
// //
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// See https://llvm.org/LICENSE.txt for license information. // See https://llvm.org/LICENSE.txt for license information.
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
// //
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
// //
// Definition of the interpreter state and entry point. // Definition of the interpreter state and entry point.
// //
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
#ifndef LLVM_CLANG_AST_INTERP_INTERP_H #ifndef LLVM_CLANG_AST_INTERP_INTERP_H
#define LLVM_CLANG_AST_INTERP_INTERP_H #define LLVM_CLANG_AST_INTERP_INTERP_H
#include <limits>
#include <vector>
#include "Function.h" #include "Function.h"
#include "InterpFrame.h" #include "InterpFrame.h"
#include "InterpStack.h" #include "InterpStack.h"
#include "InterpState.h" #include "InterpState.h"
#include "Opcode.h" #include "Opcode.h"
#include "PrimType.h" #include "PrimType.h"
#include "Program.h" #include "Program.h"
#include "State.h" #include "State.h"
#include "clang/AST/ASTContext.h" #include "clang/AST/ASTContext.h"
#include "clang/AST/ASTDiagnostic.h" #include "clang/AST/ASTDiagnostic.h"
#include "clang/AST/CXXInheritance.h" #include "clang/AST/CXXInheritance.h"
#include "clang/AST/Expr.h" #include "clang/AST/Expr.h"
#include "llvm/ADT/APFloat.h" #include "llvm/ADT/APFloat.h"
#include "llvm/ADT/APSInt.h" #include "llvm/ADT/APSInt.h"
#include "llvm/Support/Endian.h" #include "llvm/Support/Endian.h"
#include <limits>
#include <type_traits>
#include <vector>
namespace clang { namespace clang {
namespace interp { namespace interp {
using APInt = llvm::APInt; using APInt = llvm::APInt;
using APSInt = llvm::APSInt; using APSInt = llvm::APSInt;
/// Convers a value to an APValue. /// Convers a value to an APValue.
▲ Show 20 LinesShow All 902 Lines▼ Show 20 Lines
} }
inline bool ExpandPtr(InterpState &S, CodePtr OpPC) { inline bool ExpandPtr(InterpState &S, CodePtr OpPC) {
const Pointer &Ptr = S.Stk.pop<Pointer>(); const Pointer &Ptr = S.Stk.pop<Pointer>();
S.Stk.push<Pointer>(Ptr.expand()); S.Stk.push<Pointer>(Ptr.expand());
return true; return true;
} }
//===----------------------------------------------------------------------===//
// Read opcode arguments
//===----------------------------------------------------------------------===//
template <typename T>
inline std::enable_if_t<!std::is_pointer<T>::value, T> ReadArg(InterpState &S,
CodePtr OpPC) {
return OpPC.read<T>();
}
template <typename T>
inline std::enable_if_t<std::is_pointer<T>::value, T> ReadArg(InterpState &S,
CodePtr OpPC) {
uint32_t ID = OpPC.read<uint32_t>();
return reinterpret_cast<T>(S.P.getNativePointer(ID));
}
/// Interpreter entry point. /// Interpreter entry point.
bool Interpret(InterpState &S, APValue &Result); bool Interpret(InterpState &S, APValue &Result);
} // namespace interp } // namespace interp
} // namespace clang } // namespace clang
#endif #endif

clang/lib/AST/Interp/Program.h

Show All 38 Lines
class Record; class Record;
class Scope; class Scope;
/// The program contains and links the bytecode for all functions. /// The program contains and links the bytecode for all functions.
class Program { class Program {
public: public:
Program(Context &Ctx) : Ctx(Ctx) {} Program(Context &Ctx) : Ctx(Ctx) {}
/// Marshals a native pointer to an ID for embedding in bytecode.
unsigned getOrCreateNativePointer(const void *Ptr);
/// Returns the value of a marshalled native pointer.
const void *getNativePointer(unsigned Idx);
nandUnsubmitted
Not Done
ReplyInline Actions

This works for now, but in the future we might want to have a unique integer - pointer mapping for all types that need to be stored in the bytecode.

nand: This works for now, but in the future we might want to have a unique integer - pointer mapping…
/// Emits a string literal among global data. /// Emits a string literal among global data.
unsigned createGlobalString(const StringLiteral *S); unsigned createGlobalString(const StringLiteral *S);
/// Returns a pointer to a global. /// Returns a pointer to a global.
Pointer getPtrGlobal(unsigned Idx); Pointer getPtrGlobal(unsigned Idx);
/// Returns the value of a global. /// Returns the value of a global.
Block *getGlobal(unsigned Idx) { Block *getGlobal(unsigned Idx) {
▲ Show 20 LinesShow All 83 Lines▼ Show 20 Linesprivate:
/// Mapping from decls to cached bytecode functions. /// Mapping from decls to cached bytecode functions.
llvm::DenseMap<const FunctionDecl *, std::unique_ptr<Function>> Funcs; llvm::DenseMap<const FunctionDecl *, std::unique_ptr<Function>> Funcs;
/// List of anonymous functions. /// List of anonymous functions.
std::vector<std::unique_ptr<Function>> AnonFuncs; std::vector<std::unique_ptr<Function>> AnonFuncs;
/// Function relocation locations. /// Function relocation locations.
llvm::DenseMap<const FunctionDecl *, std::vector<unsigned>> Relocs; llvm::DenseMap<const FunctionDecl *, std::vector<unsigned>> Relocs;
/// Native pointers referenced by bytecode.
std::vector<const void *> NativePointers;
/// Cached native pointer indices.
llvm::DenseMap<const void *, unsigned> NativePointerIndices;
/// Custom allocator for global storage. /// Custom allocator for global storage.
using PoolAllocTy = llvm::BumpPtrAllocatorImpl<llvm::MallocAllocator>; using PoolAllocTy = llvm::BumpPtrAllocatorImpl<llvm::MallocAllocator>;
/// Descriptor + storage for a global object. /// Descriptor + storage for a global object.
/// ///
/// Global objects never go out of scope, thus they do not track pointers. /// Global objects never go out of scope, thus they do not track pointers.
class Global { class Global {
public: public:
▲ Show 20 LinesShow All 67 LinesShow Last 20 Lines

clang/lib/AST/Interp/Program.cpp

Show All 12 Lines
#include "Opcode.h" #include "Opcode.h"
#include "PrimType.h" #include "PrimType.h"
#include "clang/AST/Decl.h" #include "clang/AST/Decl.h"
#include "clang/AST/DeclCXX.h" #include "clang/AST/DeclCXX.h"
using namespace clang; using namespace clang;
using namespace clang::interp; using namespace clang::interp;
unsigned Program::getOrCreateNativePointer(const void *Ptr) {
auto It = NativePointerIndices.find(Ptr);
if (It != NativePointerIndices.end())
return It->second;
unsigned Idx = NativePointers.size();
NativePointers.push_back(Ptr);
NativePointerIndices[Ptr] = Idx;
return Idx;
}
const void *Program::getNativePointer(unsigned Idx) {
return NativePointers[Idx];
}
unsigned Program::createGlobalString(const StringLiteral *S) { unsigned Program::createGlobalString(const StringLiteral *S) {
const size_t CharWidth = S->getCharByteWidth(); const size_t CharWidth = S->getCharByteWidth();
const size_t BitWidth = CharWidth * Ctx.getCharBit(); const size_t BitWidth = CharWidth * Ctx.getCharBit();
PrimType CharType; PrimType CharType;
switch (CharWidth) { switch (CharWidth) {
case 1: case 1:
CharType = PT_Sint8; CharType = PT_Sint8;
▲ Show 20 LinesShow All 336 LinesShow Last 20 Lines

clang/lib/AST/Interp/Source.h

Show All 38 Linespublic:
CodePtr operator-(size_t RHS) const { CodePtr operator-(size_t RHS) const {
assert(Ptr != nullptr && "Invalid code pointer"); assert(Ptr != nullptr && "Invalid code pointer");
return CodePtr(Ptr - RHS); return CodePtr(Ptr - RHS);
} }
bool operator!=(const CodePtr &RHS) const { return Ptr != RHS.Ptr; } bool operator!=(const CodePtr &RHS) const { return Ptr != RHS.Ptr; }
/// Reads data and advances the pointer. /// Reads data and advances the pointer.
template <typename T> T read() { template <typename T> std::enable_if_t<!std::is_pointer<T>::value, T> read() {
T Value = ReadHelper<T>(Ptr); using namespace llvm::support;
T Value = endian::read<T, endianness::native, 1>(Ptr);
Ptr += sizeof(T); Ptr += sizeof(T);
return Value; return Value;
} }
private: private:
/// Constructor used by Function to generate pointers. /// Constructor used by Function to generate pointers.
CodePtr(const char *Ptr) : Ptr(Ptr) {} CodePtr(const char *Ptr) : Ptr(Ptr) {}
/// Helper to decode a value or a pointer.
template <typename T>
static std::enable_if_t<!std::is_pointer<T>::value, T>
ReadHelper(const char *Ptr) {
using namespace llvm::support;
return endian::read<T, endianness::native, 1>(Ptr);
}
template <typename T>
static std::enable_if_t<std::is_pointer<T>::value, T>
ReadHelper(const char *Ptr) {
using namespace llvm::support;
auto Punned = endian::read<uintptr_t, endianness::native, 1>(Ptr);
return reinterpret_cast<T>(Punned);
}
private: private:
friend class Function; friend class Function;
/// Pointer into the code owned by a function. /// Pointer into the code owned by a function.
const char *Ptr; const char *Ptr;
}; };
/// Describes the statement/declaration an opcode was generated from. /// Describes the statement/declaration an opcode was generated from.
Show All 38 Lines

clang/utils/TableGen/ClangOpcodesEmitter.cpp

Show First 20 LinesShow All 118 Lines▼ Show 20 Lines Enumerate(R, N, [this, R, &OS, &N](ArrayRef<Record *> TS, const Twine &ID) {
auto Args = R->getValueAsListOfDefs("Args"); auto Args = R->getValueAsListOfDefs("Args");
OS << "case OP_" << ID << ": {\n"; OS << "case OP_" << ID << ": {\n";
// Emit calls to read arguments. // Emit calls to read arguments.
for (size_t I = 0, N = Args.size(); I < N; ++I) { for (size_t I = 0, N = Args.size(); I < N; ++I) {
OS << " auto V" << I; OS << " auto V" << I;
OS << " = "; OS << " = ";
OS << "PC.read<" << Args[I]->getValueAsString("Name") << ">();\n"; OS << "ReadArg<" << Args[I]->getValueAsString("Name") << ">(S, PC);\n";
} }
// Emit a call to the template method and pass arguments. // Emit a call to the template method and pass arguments.
OS << " if (!" << N; OS << " if (!" << N;
PrintTypes(OS, TS); PrintTypes(OS, TS);
OS << "(S"; OS << "(S";
if (ChangesPC) if (ChangesPC)
OS << ", PC"; OS << ", PC";
Show All 20 Lines
void ClangOpcodesEmitter::EmitDisasm(raw_ostream &OS, StringRef N, Record *R) { void ClangOpcodesEmitter::EmitDisasm(raw_ostream &OS, StringRef N, Record *R) {
OS << "#ifdef GET_DISASM\n"; OS << "#ifdef GET_DISASM\n";
Enumerate(R, N, [R, &OS](ArrayRef<Record *>, const Twine &ID) { Enumerate(R, N, [R, &OS](ArrayRef<Record *>, const Twine &ID) {
OS << "case OP_" << ID << ":\n"; OS << "case OP_" << ID << ":\n";
OS << " PrintName(\"" << ID << "\");\n"; OS << " PrintName(\"" << ID << "\");\n";
OS << " OS << \"\\t\""; OS << " OS << \"\\t\"";
for (auto *Arg : R->getValueAsListOfDefs("Args")) for (auto *Arg : R->getValueAsListOfDefs("Args")) {
OS << " << PC.read<" << Arg->getValueAsString("Name") << ">() << \" \""; OS << " << ReadArg<" << Arg->getValueAsString("Name") << ">(P, PC)";
OS << " << \" \"";
}
OS << " << \"\\n\";\n"; OS << " << \"\\n\";\n";
OS << " continue;\n"; OS << " continue;\n";
}); });
OS << "#endif\n"; OS << "#endif\n";
} }
void ClangOpcodesEmitter::EmitEmitter(raw_ostream &OS, StringRef N, Record *R) { void ClangOpcodesEmitter::EmitEmitter(raw_ostream &OS, StringRef N, Record *R) {
▲ Show 20 LinesShow All 185 LinesShow Last 20 Lines