Re: r311589 - [ubsan] PR34266: When sanitizing the 'this' value for a member function that happens to be a lambda call operator, use the lambda's 'this' pointer, not the captured enclosing 'this' pointer (if any).

Thu, 24 Aug 2017 10:36:42 -0700 

Hi Richard,

It looks like this revision is breaking the x86_64-linux-bootstrap bot
<http://lab.llvm.org:8011/builders/sanitizer-x86_64-linux-bootstrap/builds/2104>.
Most of the UBSan checks are failing with the attached error.
Full log at:
http://lab.llvm.org:8011/builders/sanitizer-x86_64-linux-bootstrap/builds/2104/steps/check-llvm%20ubsan/logs/stdio

I haven't looked in much detail, so I'm not sure if your change uncovered a
bug in LLVM or if the change is faulty.  Could you please take a look?

Thanks,
Matt Morehouse



On Wed, Aug 23, 2017 at 12:39 PM, Richard Smith via cfe-commits <
cfe-commits@lists.llvm.org> wrote:

> Author: rsmith
> Date: Wed Aug 23 12:39:04 2017
> New Revision: 311589
>
> URL: http://llvm.org/viewvc/llvm-project?rev=311589&view=rev
> Log:
> [ubsan] PR34266: When sanitizing the 'this' value for a member function
> that happens to be a lambda call operator, use the lambda's 'this' pointer,
> not the captured enclosing 'this' pointer (if any).
>
> Modified:
>     cfe/trunk/include/clang/AST/DeclCXX.h
>     cfe/trunk/lib/CodeGen/CodeGenFunction.cpp
>     cfe/trunk/test/CodeGenCXX/catch-undef-behavior.cpp
>
> Modified: cfe/trunk/include/clang/AST/DeclCXX.h
> URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/include/
> clang/AST/DeclCXX.h?rev=311589&r1=311588&r2=311589&view=diff
> ============================================================
> ==================
> --- cfe/trunk/include/clang/AST/DeclCXX.h (original)
> +++ cfe/trunk/include/clang/AST/DeclCXX.h Wed Aug 23 12:39:04 2017
> @@ -2027,7 +2027,10 @@ public:
>
>    /// \brief Returns the type of the \c this pointer.
>    ///
> -  /// Should only be called for instance (i.e., non-static) methods.
> +  /// Should only be called for instance (i.e., non-static) methods. Note
> +  /// that for the call operator of a lambda closure type, this returns
> the
> +  /// desugared 'this' type (a pointer to the closure type), not the
> captured
> +  /// 'this' type.
>    QualType getThisType(ASTContext &C) const;
>
>    unsigned getTypeQualifiers() const {
>
> Modified: cfe/trunk/lib/CodeGen/CodeGenFunction.cpp
> URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/CodeGen/
> CodeGenFunction.cpp?rev=311589&r1=311588&r2=311589&view=diff
> ============================================================
> ==================
> --- cfe/trunk/lib/CodeGen/CodeGenFunction.cpp (original)
> +++ cfe/trunk/lib/CodeGen/CodeGenFunction.cpp Wed Aug 23 12:39:04 2017
> @@ -1014,11 +1014,11 @@ void CodeGenFunction::StartFunction(Glob
>      }
>
>      // Check the 'this' pointer once per function, if it's available.
> -    if (CXXThisValue) {
> +    if (CXXABIThisValue) {
>        SanitizerSet SkippedChecks;
>        SkippedChecks.set(SanitizerKind::ObjectSize, true);
>        QualType ThisTy = MD->getThisType(getContext());
> -      EmitTypeCheck(TCK_Load, Loc, CXXThisValue, ThisTy,
> +      EmitTypeCheck(TCK_Load, Loc, CXXABIThisValue, ThisTy,
>                      getContext().getTypeAlignInChars(ThisTy->
> getPointeeType()),
>                      SkippedChecks);
>      }
>
> Modified: cfe/trunk/test/CodeGenCXX/catch-undef-behavior.cpp
> URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/
> CodeGenCXX/catch-undef-behavior.cpp?rev=311589&r1=
> 311588&r2=311589&view=diff
> ============================================================
> ==================
> --- cfe/trunk/test/CodeGenCXX/catch-undef-behavior.cpp (original)
> +++ cfe/trunk/test/CodeGenCXX/catch-undef-behavior.cpp Wed Aug 23
> 12:39:04 2017
> @@ -449,6 +449,27 @@ void upcast_to_vbase() {
>  }
>  }
>
> +struct ThisAlign {
> +  void this_align_lambda();
> +};
> +void ThisAlign::this_align_lambda() {
> +  // CHECK-LABEL: define {{.*}}@"_ZZN9ThisAlign17this_
> align_lambdaEvENK3$_0clEv"
> +  // CHECK-SAME: (%{{.*}}* %[[this:[^)]*]])
> +  // CHECK: %[[this_addr:.*]] = alloca
> +  // CHECK: store %{{.*}}* %[[this]], %{{.*}}** %[[this_addr]],
> +  // CHECK: %[[this_inner:.*]] = load %{{.*}}*, %{{.*}}** %[[this_addr]],
> +  // CHECK: %[[this_outer_addr:.*]] = getelementptr inbounds %{{.*}},
> %{{.*}}* %[[this_inner]], i32 0, i32 0
> +  // CHECK: %[[this_outer:.*]] = load %{{.*}}*, %{{.*}}**
> %[[this_outer_addr]],
> +  //
> +  // CHECK: %[[this_inner_isnonnull:.*]] = icmp ne %{{.*}}*
> %[[this_inner]], null
> +  // CHECK: %[[this_inner_asint:.*]] = ptrtoint %{{.*}}* %[[this_inner]]
> to i
> +  // CHECK: %[[this_inner_misalignment:.*]] = and i{{32|64}}
> %[[this_inner_asint]], {{3|7}},
> +  // CHECK: %[[this_inner_isaligned:.*]] = icmp eq i{{32|64}}
> %[[this_inner_misalignment]], 0
> +  // CHECK: %[[this_inner_valid:.*]] = and i1 %[[this_inner_isnonnull]],
> %[[this_inner_isaligned]],
> +  // CHECK: br i1 %[[this_inner_valid:.*]]
> +  [&] { return this; } ();
> +}
> +
>  namespace CopyValueRepresentation {
>    // CHECK-LABEL: define {{.*}} @_ZN23CopyValueRepresentation2S3aSERKS0_
>    // CHECK-NOT: call {{.*}} @__ubsan_handle_load_invalid_value
>
>
> _______________________________________________
> cfe-commits mailing list
> cfe-commits@lists.llvm.org
> http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
>

/mnt/b/sanitizer-buildbot2/sanitizer-x86_64-linux-bootstrap/build/llvm/lib/Target/BPF/TargetInfo/BPFTargetInfo.cpp:31:34:
 runtime error: load of null pointer of type 'const (lambda at 
/mnt/b/sanitizer-buildbot2/sanitizer-x86_64-linux-bootstrap/build/llvm/lib/Target/BPF/TargetInfo/BPFTargetInfo.cpp:31:34)
 *'
    #0 0x80bbf1 in 
LLVMInitializeBPFTargetInfo::$_0::operator()(llvm::Triple::ArchType) const 
/mnt/b/sanitizer-buildbot2/sanitizer-x86_64-linux-bootstrap/build/llvm/lib/Target/BPF/TargetInfo/BPFTargetInfo.cpp:31:34
    #1 0x80bbcd in 
LLVMInitializeBPFTargetInfo::$_0::__invoke(llvm::Triple::ArchType) 
/mnt/b/sanitizer-buildbot2/sanitizer-x86_64-linux-bootstrap/build/llvm/lib/Target/BPF/TargetInfo/BPFTargetInfo.cpp:31:34
    #2 0x9ff573 in bool 
__gnu_cxx::__ops::_Iter_pred<llvm::TargetRegistry::lookupTarget(std::__cxx11::basic_string<char,
 std::char_traits<char>, std::allocator<char> > const&, 
std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> 
>&)::$_1>::operator()<llvm::TargetRegistry::iterator>(llvm::TargetRegistry::iterator)
 
/usr/lib/gcc/x86_64-linux-gnu/5.4.0/../../../../include/c++/5.4.0/bits/predefined_ops.h:234:16
    #3 0x9ff50b in llvm::TargetRegistry::iterator 
std::__find_if<llvm::TargetRegistry::iterator, 
__gnu_cxx::__ops::_Iter_pred<llvm::TargetRegistry::lookupTarget(std::__cxx11::basic_string<char,
 std::char_traits<char>, std::allocator<char> > const&, 
std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> 
>&)::$_1> >(llvm::TargetRegistry::iterator, llvm::TargetRegistry::iterator, 
__gnu_cxx::__ops::_Iter_pred<llvm::TargetRegistry::lookupTarget(std::__cxx11::basic_string<char,
 std::char_traits<char>, std::allocator<char> > const&, 
std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> 
>&)::$_1>, std::input_iterator_tag) 
/usr/lib/gcc/x86_64-linux-gnu/5.4.0/../../../../include/c++/5.4.0/bits/stl_algo.h:104:36
    #4 0x9ff47d in llvm::TargetRegistry::iterator 
std::__find_if<llvm::TargetRegistry::iterator, 
__gnu_cxx::__ops::_Iter_pred<llvm::TargetRegistry::lookupTarget(std::__cxx11::basic_string<char,
 std::char_traits<char>, std::allocator<char> > const&, 
std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> 
>&)::$_1> >(llvm::TargetRegistry::iterator, llvm::TargetRegistry::iterator, 
__gnu_cxx::__ops::_Iter_pred<llvm::TargetRegistry::lookupTarget(std::__cxx11::basic_string<char,
 std::char_traits<char>, std::allocator<char> > const&, 
std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> 
>&)::$_1>) 
/usr/lib/gcc/x86_64-linux-gnu/5.4.0/../../../../include/c++/5.4.0/bits/stl_algo.h:161:14
    #5 0x9fea16 in 
llvm::TargetRegistry::lookupTarget(std::__cxx11::basic_string<char, 
std::char_traits<char>, std::allocator<char> > const&, 
std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> 
>&) 
/mnt/b/sanitizer-buildbot2/sanitizer-x86_64-linux-bootstrap/build/llvm/lib/Support/TargetRegistry.cpp:79:12
    #6 0x9fe63b in 
llvm::TargetRegistry::lookupTarget(std::__cxx11::basic_string<char, 
std::char_traits<char>, std::allocator<char> > const&, llvm::Triple&, 
std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> 
>&) 
/mnt/b/sanitizer-buildbot2/sanitizer-x86_64-linux-bootstrap/build/llvm/lib/Support/TargetRegistry.cpp:51:17
    #7 0x455017 in GetTarget(char const*) 
/mnt/b/sanitizer-buildbot2/sanitizer-x86_64-linux-bootstrap/build/llvm/tools/llvm-mc/llvm-mc.cpp:188:29
    #8 0x453843 in main 
/mnt/b/sanitizer-buildbot2/sanitizer-x86_64-linux-bootstrap/build/llvm/tools/llvm-mc/llvm-mc.cpp:453:29
    #9 0x7fbb79f4c82f in __libc_start_main 
(/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #10 0x42db08 in _start 
(/mnt/b/sanitizer-buildbot2/sanitizer-x86_64-linux-bootstrap/build/llvm_build_ubsan/bin/llvm-mc+0x42db08)


_______________________________________________
cfe-commits mailing list
cfe-commits@lists.llvm.org
http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

Reply via email to