cor3ntin created this revision.
Herald added a project: All.
cor3ntin requested review of this revision.
Herald added a project: clang.
Herald added a subscriber: cfe-commits.
This is a temporary fix (for clang 17) that caps the size of
any array we try to constant evaluate:
There are 2 limits:
- We cap to UINT_MAX the size of ant constant evaluated array, because the
constant evaluator does not support size_t.
- We cap to 100MB the size of allocations made during constant folding and
other non-mandated constant evaluations so that we reduce the risk of crashing
when compiling programs that are valid. Constant folding may still happen in
the backend otherwise the code will be runtime evaluated.
The 100MB linit is a bit arbitrary, but it seems like something that would be
readily available on any system compiling a non trivial c++ program.
Fixes #63562
Repository:
rG LLVM Github Monorepo
https://reviews.llvm.org/D155955
Files:
clang/docs/ReleaseNotes.rst
clang/include/clang/AST/Type.h
clang/lib/AST/ExprConstant.cpp
clang/lib/AST/Type.cpp
clang/test/SemaCXX/cxx2a-constexpr-dynalloc-limits.cpp
Index: clang/test/SemaCXX/cxx2a-constexpr-dynalloc-limits.cpp
===================================================================
--- /dev/null
+++ clang/test/SemaCXX/cxx2a-constexpr-dynalloc-limits.cpp
@@ -0,0 +1,66 @@
+// RUN: %clang_cc1 -std=c++2a -verify %s
+// RUN: %clang_cc1 -std=c++2a -verify=constexpr %s -DCONSTEXPR
+// expected-no-diagnostics
+
+namespace std {
+ using size_t = decltype(sizeof(0));
+ template<typename T> struct allocator {
+ constexpr T *allocate(size_t N) {
+ return (T*)operator new(sizeof(T) * N); // #alloc
+ }
+ constexpr void deallocate(void *p) {
+ operator delete(p);
+ }
+ };
+}
+void *operator new(std::size_t, void *p) { return p; }
+
+namespace std {
+ template<typename T, typename ...Args>
+ constexpr void construct_at(void *p, Args &&...args) {
+ new (p) T((Args&&)args...);
+ }
+}
+
+namespace GH63562 {
+
+template <typename T>
+struct S {
+ constexpr S(unsigned long long N)
+ : data(nullptr){
+ data = alloc.allocate(N); // #call
+ for(std::size_t i = 0; i < N; i ++)
+ std::construct_at<T>(data + i, i);
+
+ }
+ constexpr ~S() {
+ alloc.deallocate(data);
+ }
+ std::allocator<T> alloc;
+ T* data;
+};
+
+#ifdef CONSTEXPR
+constexpr S<std::size_t> s(1099511627777); // constexpr-error {{constexpr variable 's' must be initialized by a constant expression}} \ // expected-note@#alloc {{annot allocate array; evaluated array bound 1099511627777 is too large}} \
+ // constexpr-note@#call {{in call to 'this->alloc.allocate(1099511627777)'}} \
+ // constexpr-note@#alloc {{cannot allocate array; evaluated array bound 1099511627777 is too large}} \
+ // constexpr-note {{in call to 'S(1099511627777)'}}
+#else
+// Check that we do not try to fold very large arrays
+S<std::size_t> s2(1099511627777);
+S<std::size_t> s3(~0ULL);
+#endif
+
+// Check we do not perform constant initialization in the presence
+// of very large arrays (this used to crash)
+
+constexpr int stack_array(auto N) {
+ char BIG[N];
+ return 0;
+}
+
+int a = stack_array(~0U);
+int b = stack_array(~0ULL);
+
+}
+
Index: clang/lib/AST/Type.cpp
===================================================================
--- clang/lib/AST/Type.cpp
+++ clang/lib/AST/Type.cpp
@@ -175,6 +175,11 @@
return TotalSize.getActiveBits();
}
+unsigned
+ConstantArrayType::getNumAddressingBits(const ASTContext &Context) const {
+ return getNumAddressingBits(Context, getElementType(), getSize());
+}
+
unsigned ConstantArrayType::getMaxSizeBits(const ASTContext &Context) {
unsigned Bits = Context.getTypeSize(Context.getSizeType());
Index: clang/lib/AST/ExprConstant.cpp
===================================================================
--- clang/lib/AST/ExprConstant.cpp
+++ clang/lib/AST/ExprConstant.cpp
@@ -1019,6 +1019,43 @@
return false;
}
+ bool IsArrayTooLarge(unsigned BitWidth, uint64_t ElemCount) {
+ if (BitWidth > ConstantArrayType::getMaxSizeBits(Ctx))
+ return true;
+
+ // FIXME: GH63562
+ // APValue stores array extents as unsigned,
+ // so anything that is greater that unsigned would overflow when
+ // constructing the array, we catch this here.
+ if (ElemCount > std::numeric_limits<unsigned>::max())
+ return true;
+
+ // FIXME: GH63562
+ // Arrays allocate an APValue per element.
+ // When constant folding avoid allocating arrays larger than 100MB to
+ // avoid running out of memory when compiling reasonable programs.
+ // Constant Expression evaluation can still exhaust the sytem resources
+ // and crash the compiler.
+ bool RequiresConstantEvaluation =
+ !(checkingPotentialConstantExpression() ||
+ EvalMode == EvalInfo::EM_IgnoreSideEffects ||
+ EvalMode == EvalInfo::EM_ConstantFold);
+ if (RequiresConstantEvaluation) {
+ // Check whether we are performing constant initialization
+ if (const auto *VD = dyn_cast_if_present<VarDecl>(
+ EvaluatingDecl.dyn_cast<const ValueDecl *>());
+ VD && VD->hasGlobalStorage()) {
+ RequiresConstantEvaluation =
+ VD->isConstexpr() || VD->hasAttr<ConstInitAttr>();
+ }
+ }
+ if (ElemCount * sizeof(APValue) > 100'000'000 &&
+ !RequiresConstantEvaluation)
+ return true;
+
+ return false;
+ }
+
std::pair<CallStackFrame *, unsigned>
getCallFrameAndDepth(unsigned CallIndex) {
assert(CallIndex && "no call index in getCallFrameAndDepth");
@@ -3583,6 +3620,19 @@
llvm_unreachable("unknown evaluating decl kind");
}
+static bool CheckArraySize(EvalInfo &Info, const ConstantArrayType *CAT,
+ SourceLocation CallLoc = {}) {
+ if (Info.IsArrayTooLarge(CAT->getNumAddressingBits(Info.Ctx),
+ CAT->getSize().getZExtValue())) {
+ Info.FFDiag(CAT->getSizeExpr() ? CAT->getSizeExpr()->getBeginLoc()
+ : CallLoc,
+ diag::note_constexpr_new_too_large)
+ << CAT->getSize().getZExtValue();
+ return false;
+ }
+ return true;
+}
+
namespace {
/// A handle to a complete object (an object that is not a subobject of
/// another object).
@@ -3757,6 +3807,9 @@
if (O->getArrayInitializedElts() > Index)
O = &O->getArrayInitializedElt(Index);
else if (!isRead(handler.AccessKind)) {
+ if (!CheckArraySize(Info, CAT, E->getExprLoc()))
+ return handler.failed();
+
expandArray(*O, Index);
O = &O->getArrayInitializedElt(Index);
} else
@@ -6491,6 +6544,9 @@
uint64_t Size = CAT->getSize().getZExtValue();
QualType ElemT = CAT->getElementType();
+ if (!CheckArraySize(Info, CAT, CallLoc))
+ return false;
+
LValue ElemLV = This;
ElemLV.addArray(Info, &LocE, CAT);
if (!HandleLValueArrayAdjustment(Info, &LocE, ElemLV, ElemT, Size))
@@ -6499,8 +6555,9 @@
// Ensure that we have actual array elements available to destroy; the
// destructors might mutate the value, so we can't run them on the array
// filler.
- if (Size && Size > Value.getArrayInitializedElts())
+ if (Size && Size > Value.getArrayInitializedElts()) {
expandArray(Value, Value.getArraySize() - 1);
+ }
for (; Size != 0; --Size) {
APValue &Elem = Value.getArrayInitializedElt(Size - 1);
@@ -6727,12 +6784,11 @@
return false;
}
- if (ByteSize.getActiveBits() > ConstantArrayType::getMaxSizeBits(Info.Ctx)) {
+ if (Info.IsArrayTooLarge(ByteSize.getActiveBits(), Size.getZExtValue())) {
if (IsNothrow) {
Result.setNull(Info.Ctx, E->getType());
return true;
}
-
Info.FFDiag(E, diag::note_constexpr_new_too_large) << APSInt(Size, true);
return false;
}
@@ -9615,9 +9671,9 @@
// -- its value is such that the size of the allocated object would
// exceed the implementation-defined limit
- if (ConstantArrayType::getNumAddressingBits(Info.Ctx, AllocType,
- ArrayBound) >
- ConstantArrayType::getMaxSizeBits(Info.Ctx)) {
+ if (Info.IsArrayTooLarge(ConstantArrayType::getNumAddressingBits(
+ Info.Ctx, AllocType, ArrayBound),
+ ArrayBound.getZExtValue())) {
if (IsNothrow)
return ZeroInitialization(E);
Index: clang/include/clang/AST/Type.h
===================================================================
--- clang/include/clang/AST/Type.h
+++ clang/include/clang/AST/Type.h
@@ -3144,6 +3144,8 @@
QualType ElementType,
const llvm::APInt &NumElements);
+ unsigned getNumAddressingBits(const ASTContext &Context) const;
+
/// Determine the maximum number of active bits that an array's size
/// can require, which limits the maximum size of the array.
static unsigned getMaxSizeBits(const ASTContext &Context);
Index: clang/docs/ReleaseNotes.rst
===================================================================
--- clang/docs/ReleaseNotes.rst
+++ clang/docs/ReleaseNotes.rst
@@ -769,10 +769,13 @@
(`#62796 <https://github.com/llvm/llvm-project/issues/62796>`_)
- Merge lambdas in require expressions in standard C++ modules.
(`#63544 <https://github.com/llvm/llvm-project/issues/63544>`_)
-
- Fix location of default member initialization in parenthesized aggregate
initialization.
(`#63903 <https://github.com/llvm/llvm-project/issues/63903>`_)
+- Clang no longer tries to evaluate at compile time arrays that are large
+ enough to cause resource exhaustion, unless they are part of a constant
+ expression.
+ (`#63562 <https://github.com/llvm/llvm-project/issues/63562>`_)
Bug Fixes to AST Handling
^^^^^^^^^^^^^^^^^^^^^^^^^
_______________________________________________
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
