Skip to content

[Clang] Fix crash in __builtin_assume_aligned #114217

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 5 commits into from
Dec 19, 2024
Merged

[Clang] Fix crash in __builtin_assume_aligned #114217

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
a657d11
[Clang] Fix crash in __builtin_assume_aligned
ostannard Oct 30, 2024
86b23fc
Merge branch 'main' into fix-assume-aligned
ostannard Dec 18, 2024
fe68409
Remove obsolete comment
ostannard Dec 18, 2024
fed607e
Add test
ostannard Dec 18, 2024
58c8f49
Fix clang-tidy test
ostannard Dec 19, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions clang-tools-extra/test/clang-tidy/checkers/cppcoreguidelines/pro-type-vararg.cpp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -51,8 +51,8 @@ void my_printf(const char* format, ...) {

int my_vprintf(const char* format, va_list arg ); // OK to declare function taking va_list

void ignoredBuiltinsTest() {
(void)__builtin_assume_aligned(0, 8);
void ignoredBuiltinsTest(void *ptr) {
(void)__builtin_assume_aligned(ptr, 8);
(void)__builtin_constant_p(0);
(void)__builtin_fpclassify(0, 0, 0, 0, 0, 0.f);
(void)__builtin_isinf_sign(0.f);
Expand Down
2 changes: 2 additions & 0 deletions clang/include/clang/Basic/DiagnosticSemaKinds.td
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12324,6 +12324,8 @@ def warn_noderef_to_dereferenceable_pointer : Warning<
def err_builtin_launder_invalid_arg : Error<
"%select{non-pointer|function pointer|void pointer}0 argument to "
"'__builtin_launder' is not allowed">;
def err_builtin_assume_aligned_invalid_arg : Error<
"non-pointer argument to '__builtin_assume_aligned' is not allowed">;

def err_builtin_is_within_lifetime_invalid_arg : Error<
"%select{non-|function }0pointer argument to '__builtin_is_within_lifetime' "
Expand Down
6 changes: 4 additions & 2 deletions clang/lib/Sema/SemaChecking.cpp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5320,9 +5320,11 @@ bool Sema::BuiltinAssumeAligned(CallExpr *TheCall) {
{
ExprResult FirstArgResult =
DefaultFunctionArrayLvalueConversion(FirstArg);
if (checkBuiltinArgument(*this, TheCall, 0))
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

checkBuiltinArgument should always either produce an expression with the correct type, or error out. If neither is happening, there's something wrong with type-checking.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Took another look at this... probably this is okay. checkBuiltinArgument isn't actually doing anything useful here, and other places do something similar with DefaultFunctionArrayLvalueConversion().

The comment about "In-place updation of FirstArg by checkBuiltinArgument" should be deleted, though.

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done

if (!FirstArgResult.get()->getType()->isPointerType()) {
Diag(TheCall->getBeginLoc(), diag::err_builtin_assume_aligned_invalid_arg)
<< TheCall->getSourceRange();
return true;
/// In-place updation of FirstArg by checkBuiltinArgument is ignored.
}
TheCall->setArg(0, FirstArgResult.get());
}

Expand Down
9 changes: 9 additions & 0 deletions clang/test/Sema/builtin-assume-aligned-downgrade.c
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
// RUN: %clang_cc1 -fsyntax-only -Wno-int-conversion -triple x86_64-linux -verify %s

// Check that the pointer->int conversion error is not downgradable for the
// pointer argument to __builtin_assume_aligned.

int test(int *a, int b) {
a = (int *)__builtin_assume_aligned(b, 32); // expected-error {{non-pointer argument to '__builtin_assume_aligned' is not allowed}}
int *y = __builtin_assume_aligned(1, 1); // expected-error {{non-pointer argument to '__builtin_assume_aligned' is not allowed}}
}
2 changes: 1 addition & 1 deletion clang/test/Sema/builtin-assume-aligned.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -74,7 +74,7 @@ int test13(int *a) {
}

int test14(int *a, int b) {
a = (int *)__builtin_assume_aligned(b, 32); // expected-error {{incompatible integer to pointer conversion passing 'int' to parameter of type 'const void *}}
a = (int *)__builtin_assume_aligned(b, 32); // expected-error {{non-pointer argument to '__builtin_assume_aligned' is not allowed}}
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we add the test cases from the issue, specifically: #110914 (comment) and #110914 (comment)

We should always include tests that trigger crashes we are fixing to catch possible future regression.

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done

}

int test15(int *b) {
Expand Down
Loading