This is an archive of the discontinued LLVM Phabricator instance.

Paths

Table of Contentst

-
llvm/bindings/ocaml/
-
bindings/
-
ocaml/
-
analysis/
-
CMakeLists.txt
-
analysis_ocaml.c
-
llvm/
-
llvm_ocaml.h
-
llvm_ocaml.c
-
target/
-
CMakeLists.txt
-
target_ocaml.c

Differential D99471

[OCaml] Fix unsafe uses of Store_field
ClosedPublic

Authored by jberdine on Mar 28 2021, 3:28 PM.

Download Raw Diff

Details

Reviewers

vaivaswatha
whitequark

Commits

rG5c25ff8739e0: [OCaml] Fix unsafe uses of Store_field

Summary

Using Store_field to initialize fields of blocks allocated with
caml_alloc_small is unsafe. The fields of blocks allocated by
caml_alloc_small are not initialized, and Store_field calls the
OCaml GC write barrier. If the uninitialized value of a field happens
to point into the OCaml heap, then it will e.g. be added to a conflict
set or followed and have what the GC thinks are color bits
changed. This leads to crashes or memory corruption.

This diff fixes a few (I think all) instances of this problem. Some of
these are creating option values. OCaml 4.12 has a dedicated
caml_alloc_some function for this, so this diff adds a compatible
function with a version check to avoid conflict. With that, macros for
accessing option values are also added.

Diff Detail

Repository: rG LLVM Github Monorepo

Event Timeline

jberdine created this revision.Mar 28 2021, 3:28 PM

Herald added a reviewer: whitequark. · View Herald TranscriptMar 28 2021, 3:28 PM

Herald added a subscriber: mgorny. · View Herald Transcript

jberdine requested review of this revision.Mar 28 2021, 3:28 PM

Herald added a project: Restricted Project. · View Herald TranscriptMar 28 2021, 3:28 PM

Herald added a subscriber: llvm-commits. · View Herald Transcript

Harbormaster completed remote builds in B96014: Diff 333738.Mar 28 2021, 3:59 PM

This fixes a potentially hard-to-discover bug ! The last thing that a user of the OCaml API would think of is "oh this function uses Store_field to initialize fields of blocks allocated with caml_alloc_small and that could lead to a hard to trace GC bug".

Thank you !.

This revision is now accepted and ready to land.Mar 29 2021, 9:53 AM

This revision was landed with ongoing or failed builds.Apr 5 2021, 2:59 AM

Closed by commit rG5c25ff8739e0: [OCaml] Fix unsafe uses of Store_field (authored by jberdine). · Explain Why

This revision was automatically updated to reflect the committed changes.

jberdine added a commit: rG5c25ff8739e0: [OCaml] Fix unsafe uses of Store_field.

Revision Contents

Path

Size

llvm/

bindings/

ocaml/

analysis/

CMakeLists.txt

1 line

analysis_ocaml.c

6 lines

llvm/

llvm_ocaml.h

11 lines

llvm_ocaml.c

28 lines

target/

CMakeLists.txt

1 line

target_ocaml.c

17 lines

Diff 335224

llvm/bindings/ocaml/analysis/CMakeLists.txt

	add_ocaml_library(llvm_analysis			add_ocaml_library(llvm_analysis
	OCAML llvm_analysis			OCAML llvm_analysis
	OCAMLDEP llvm			OCAMLDEP llvm
	C analysis_ocaml			C analysis_ocaml
				CFLAGS "-I${CMAKE_CURRENT_SOURCE_DIR}/../llvm"
	LLVM Analysis)			LLVM Analysis)

llvm/bindings/ocaml/analysis/analysis_ocaml.c

	Show All 14 Lines
	\|* *\|			\|* *\|
	\===----------------------------------------------------------------------===/			\===----------------------------------------------------------------------===/

	#include "llvm-c/Analysis.h"			#include "llvm-c/Analysis.h"
	#include "llvm-c/Core.h"			#include "llvm-c/Core.h"
	#include "caml/alloc.h"			#include "caml/alloc.h"
	#include "caml/mlvalues.h"			#include "caml/mlvalues.h"
	#include "caml/memory.h"			#include "caml/memory.h"
				#include "llvm_ocaml.h"

	/* Llvm.llmodule -> string option */			/* Llvm.llmodule -> string option */
	CAMLprim value llvm_verify_module(LLVMModuleRef M) {			CAMLprim value llvm_verify_module(LLVMModuleRef M) {
	CAMLparam0();			CAMLparam0();
	CAMLlocal2(String, Option);			CAMLlocal2(String, Option);

	char *Message;			char *Message;
	int Result = LLVMVerifyModule(M, LLVMReturnStatusAction, &Message);			int Result = LLVMVerifyModule(M, LLVMReturnStatusAction, &Message);

	if (0 == Result) {			if (0 == Result) {
	Option = Val_int(0);			Option = Val_none;
	} else {			} else {
	Option = alloc(1, 0);
	String = copy_string(Message);			String = copy_string(Message);
	Store_field(Option, 0, String);			Option = caml_alloc_some(String);
	}			}

	LLVMDisposeMessage(Message);			LLVMDisposeMessage(Message);

	CAMLreturn(Option);			CAMLreturn(Option);
	}			}

	/* Llvm.llvalue -> bool */			/* Llvm.llvalue -> bool */
	Show All 27 Lines

llvm/bindings/ocaml/llvm/llvm_ocaml.h

	Show All 14 Lines
	\|* *\|			\|* *\|
	\===----------------------------------------------------------------------===/			\===----------------------------------------------------------------------===/

	#ifndef LLVM_LLVM_OCAML_H			#ifndef LLVM_LLVM_OCAML_H
	#define LLVM_LLVM_OCAML_H			#define LLVM_LLVM_OCAML_H

	#include "caml/alloc.h"			#include "caml/alloc.h"
	#include "caml/custom.h"			#include "caml/custom.h"
				#include "caml/version.h"

				#if OCAML_VERSION < 41200
				/* operations on OCaml option values, defined by OCaml 4.12 */
				#define Val_none Val_int(0)
				#define Some_val(v) Field(v, 0)
				#define Tag_some 0
				#define Is_none(v) ((v) == Val_none)
				#define Is_some(v) Is_block(v)
				value caml_alloc_some(value);
				#endif

	/* Convert a C pointer to an OCaml option */			/* Convert a C pointer to an OCaml option */
	CAMLprim value ptr_to_option(void *Ptr);			CAMLprim value ptr_to_option(void *Ptr);

	/* Convert a C string into an OCaml string */			/* Convert a C string into an OCaml string */
	CAMLprim value cstr_to_string(const char *Str, mlsize_t Len);			CAMLprim value cstr_to_string(const char *Str, mlsize_t Len);

	#endif // LLVM_LLVM_OCAML_H			#endif // LLVM_LLVM_OCAML_H

llvm/bindings/ocaml/llvm/llvm_ocaml.c

Show All 18 Lines
#include <stdlib.h>		#include <stdlib.h>
#include <string.h>		#include <string.h>
#include "llvm-c/Core.h"		#include "llvm-c/Core.h"
#include "llvm-c/Support.h"		#include "llvm-c/Support.h"
#include "llvm/Config/llvm-config.h"		#include "llvm/Config/llvm-config.h"
#include "caml/memory.h"		#include "caml/memory.h"
#include "caml/fail.h"		#include "caml/fail.h"
#include "caml/callback.h"		#include "caml/callback.h"

#include "llvm_ocaml.h"		#include "llvm_ocaml.h"

		#if OCAML_VERSION < 41200
		value caml_alloc_some(value v) {
		CAMLparam1(v);
		value Some = caml_alloc_small(1, 0);
		Field(Some, 0) = v;
		CAMLreturn(Some);
		}
		#endif

value llvm_string_of_message(char* Message) {		value llvm_string_of_message(char* Message) {
value String = caml_copy_string(Message);		value String = caml_copy_string(Message);
LLVMDisposeMessage(Message);		LLVMDisposeMessage(Message);

return String;		return String;
}		}

CAMLprim value ptr_to_option(void *Ptr) {		CAMLprim value ptr_to_option(void *Ptr) {
CAMLparam0();
CAMLlocal1(Option);
if (!Ptr)		if (!Ptr)
CAMLreturn(Val_int(0));		return Val_none;
Option = caml_alloc_small(1, 0);		return caml_alloc_some((value)Ptr);
Store_field(Option, 0, (value)Ptr);
CAMLreturn(Option);
}		}

CAMLprim value cstr_to_string(const char *Str, mlsize_t Len) {		CAMLprim value cstr_to_string(const char *Str, mlsize_t Len) {
CAMLparam0();		CAMLparam0();
CAMLlocal1(String);		CAMLlocal1(String);
if (Str) {		if (Str) {
String = caml_alloc_string(Len);		String = caml_alloc_string(Len);
memcpy((char *)String_val(String), Str, Len);		memcpy((char *)String_val(String), Str, Len);
} else {		} else {
String = caml_alloc_string(0);		String = caml_alloc_string(0);
}		}
CAMLreturn(String);		CAMLreturn(String);
}		}

CAMLprim value cstr_to_string_option(const char *CStr, mlsize_t Len) {		CAMLprim value cstr_to_string_option(const char *CStr, mlsize_t Len) {
CAMLparam0();		CAMLparam0();
CAMLlocal2(Option, String);		CAMLlocal1(String);
if (!CStr)		if (!CStr)
CAMLreturn(Val_int(0));		CAMLreturn(Val_none);
String = caml_alloc_string(Len);		String = caml_alloc_string(Len);
memcpy((char *)String_val(String), CStr, Len);		memcpy((char *)String_val(String), CStr, Len);
Option = caml_alloc_small(1, 0);		return caml_alloc_some(String);
Store_field(Option, 0, (value)String);
CAMLreturn(Option);
}		}

void llvm_raise(value Prototype, char *Message) {		void llvm_raise(value Prototype, char *Message) {
CAMLparam1(Prototype);		CAMLparam1(Prototype);
caml_raise_with_arg(Prototype, llvm_string_of_message(Message));		caml_raise_with_arg(Prototype, llvm_string_of_message(Message));
CAMLnoreturn;		CAMLnoreturn;
}		}

▲ Show 20 Lines • Show All 630 Lines • ▼ Show 20 Lines	if (LLVMIsAConstant(Val)) {
DEFINE_CASE(Val, ConstantFP);		DEFINE_CASE(Val, ConstantFP);
DEFINE_CASE(Val, ConstantInt);		DEFINE_CASE(Val, ConstantInt);
DEFINE_CASE(Val, ConstantPointerNull);		DEFINE_CASE(Val, ConstantPointerNull);
DEFINE_CASE(Val, ConstantStruct);		DEFINE_CASE(Val, ConstantStruct);
DEFINE_CASE(Val, ConstantVector);		DEFINE_CASE(Val, ConstantVector);
}		}
if (LLVMIsAInstruction(Val)) {		if (LLVMIsAInstruction(Val)) {
result = caml_alloc_small(1, 0);		result = caml_alloc_small(1, 0);
Store_field(result, 0, Val_int(LLVMGetInstructionOpcode(Val)));		Field(result, 0) = Val_int(LLVMGetInstructionOpcode(Val));
CAMLreturn(result);		CAMLreturn(result);
}		}
if (LLVMIsAGlobalValue(Val)) {		if (LLVMIsAGlobalValue(Val)) {
DEFINE_CASE(Val, Function);		DEFINE_CASE(Val, Function);
DEFINE_CASE(Val, GlobalAlias);		DEFINE_CASE(Val, GlobalAlias);
DEFINE_CASE(Val, GlobalIFunc);		DEFINE_CASE(Val, GlobalIFunc);
DEFINE_CASE(Val, GlobalVariable);		DEFINE_CASE(Val, GlobalVariable);
}		}
▲ Show 20 Lines • Show All 1,908 Lines • Show Last 20 Lines

llvm/bindings/ocaml/target/CMakeLists.txt

	add_ocaml_library(llvm_target			add_ocaml_library(llvm_target
	OCAML llvm_target			OCAML llvm_target
	OCAMLDEP llvm			OCAMLDEP llvm
	C target_ocaml			C target_ocaml
				CFLAGS "-I${CMAKE_CURRENT_SOURCE_DIR}/../llvm"
	LLVM Target)			LLVM Target)

llvm/bindings/ocaml/target/target_ocaml.c

	Show All 17 Lines
	#include "llvm-c/Core.h"			#include "llvm-c/Core.h"
	#include "llvm-c/Target.h"			#include "llvm-c/Target.h"
	#include "llvm-c/TargetMachine.h"			#include "llvm-c/TargetMachine.h"
	#include "caml/alloc.h"			#include "caml/alloc.h"
	#include "caml/fail.h"			#include "caml/fail.h"
	#include "caml/memory.h"			#include "caml/memory.h"
	#include "caml/custom.h"			#include "caml/custom.h"
	#include "caml/callback.h"			#include "caml/callback.h"
				#include "llvm_ocaml.h"

	void llvm_raise(value Prototype, char *Message);			void llvm_raise(value Prototype, char *Message);
	value llvm_string_of_message(char* Message);			value llvm_string_of_message(char* Message);

	/===---- Data Layout -----------------------------------------------------===/			/===---- Data Layout -----------------------------------------------------===/

	#define DataLayout_val(v) ((LLVMTargetDataRef )(Data_custom_val(v)))			#define DataLayout_val(v) ((LLVMTargetDataRef )(Data_custom_val(v)))

	▲ Show 20 Lines • Show All 105 Lines • ▼ Show 20 Lines
	CAMLprim value llvm_datalayout_offset_of_element(LLVMTypeRef Ty, value Index,			CAMLprim value llvm_datalayout_offset_of_element(LLVMTypeRef Ty, value Index,
	value DL) {			value DL) {
	return caml_copy_int64(LLVMOffsetOfElement(DataLayout_val(DL), Ty,			return caml_copy_int64(LLVMOffsetOfElement(DataLayout_val(DL), Ty,
	Int_val(Index)));			Int_val(Index)));
	}			}

	/===---- Target ----------------------------------------------------------===/			/===---- Target ----------------------------------------------------------===/

	static value llvm_target_option(LLVMTargetRef Target) {
	if(Target != NULL) {
	value Result = caml_alloc_small(1, 0);
	Store_field(Result, 0, (value) Target);
	return Result;
	}

	return Val_int(0);
	}

	/* unit -> string */			/* unit -> string */
	CAMLprim value llvm_target_default_triple(value Unit) {			CAMLprim value llvm_target_default_triple(value Unit) {
	char *TripleCStr = LLVMGetDefaultTargetTriple();			char *TripleCStr = LLVMGetDefaultTargetTriple();
	value TripleStr = caml_copy_string(TripleCStr);			value TripleStr = caml_copy_string(TripleCStr);
	LLVMDisposeMessage(TripleCStr);			LLVMDisposeMessage(TripleCStr);

	return TripleStr;			return TripleStr;
	}			}

	/* unit -> Target.t option */			/* unit -> Target.t option */
	CAMLprim value llvm_target_first(value Unit) {			CAMLprim value llvm_target_first(value Unit) {
	return llvm_target_option(LLVMGetFirstTarget());			return ptr_to_option(LLVMGetFirstTarget());
	}			}

	/* Target.t -> Target.t option */			/* Target.t -> Target.t option */
	CAMLprim value llvm_target_succ(LLVMTargetRef Target) {			CAMLprim value llvm_target_succ(LLVMTargetRef Target) {
	return llvm_target_option(LLVMGetNextTarget(Target));			return ptr_to_option(LLVMGetNextTarget(Target));
	}			}

	/* string -> Target.t option */			/* string -> Target.t option */
	CAMLprim value llvm_target_by_name(value Name) {			CAMLprim value llvm_target_by_name(value Name) {
	return llvm_target_option(LLVMGetTargetFromName(String_val(Name)));			return ptr_to_option(LLVMGetTargetFromName(String_val(Name)));
	}			}

	/* string -> Target.t */			/* string -> Target.t */
	CAMLprim LLVMTargetRef llvm_target_by_triple(value Triple) {			CAMLprim LLVMTargetRef llvm_target_by_triple(value Triple) {
	LLVMTargetRef T;			LLVMTargetRef T;
	char *Error;			char *Error;

	if(LLVMGetTargetFromTriple(String_val(Triple), &T, &Error))			if(LLVMGetTargetFromTriple(String_val(Triple), &T, &Error))
	▲ Show 20 Lines • Show All 161 Lines • Show Last 20 Lines