[llvm-branch-commits] [compiler-rt] [TySan] Fix struct access with different bases (PR #108385)

https://github.com/tavianator approved this pull request. https://github.com/llvm/llvm-project/pull/108385 ___ llvm-branch-commits mailing list llvm-branch-commits@lists.llvm.org https://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-branch-commits

[llvm-branch-commits] [compiler-rt] [TySan] Fix struct access with different bases (PR #108385)

tavianator wrote: > ! Oh wow! ... Should the commented out line cause a type violation too? No, `out->i = out->i->n;` is fine because the type of the expression `out->i->n` is just `struct inner *`, so that's the type that will be given to the storage for `out->i`. (Because `out` is dynamical

[llvm-branch-commits] [compiler-rt] [TySan] Fix struct access with different bases (PR #108385)

tavianator wrote: I have consulted with an expert in the strict aliasing rules and we came to the horrifying (to me) conclusion that TySan is actually **correct** in this case, at least according to the C standard. https://github.com/llvm/llvm-project/pull/108385 __

[llvm-branch-commits] [compiler-rt] [TySan] Fix struct access with different bases (PR #108385)

tavianator wrote: I guess the bug there is that the memcpy() interceptor literally copies the dynamic type from `node->next` to `list->head`. Then `list->head` is accessed but tysan thinks the memory has type `struct node::next` which doesn't match. https://github.com/llvm/llvm-project/pull/1

[llvm-branch-commits] [compiler-rt] [TySan] Fix struct access with different bases (PR #108385)

tavianator wrote: Here's the new testcase. Not sure if this bug is related or not. It has to do with `memcpy()`; if you replace the call with the commented-out line above it, it works. ```c struct node { struct node *next; }; struct list { struct node *head, **tail; }; int

[llvm-branch-commits] [compiler-rt] [TySan] Fix struct access with different bases (PR #108385)

https://github.com/tavianator edited https://github.com/llvm/llvm-project/pull/108385 ___ llvm-branch-commits mailing list llvm-branch-commits@lists.llvm.org https://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-branch-commits

[llvm-branch-commits] [compiler-rt] [TySan] Fix struct access with different bases (PR #108385)

https://github.com/tavianator commented: This fixes my reduced testcase but not the unreduced one. I'll try to make a new reduction. https://github.com/llvm/llvm-project/pull/108385 ___ llvm-branch-commits mailing list llvm-branch-commits@lists.llvm.

[llvm-branch-commits] [compiler-rt] [TySan] Fix struct access with different bases (PR #108385)

@@ -128,6 +128,10 @@ static bool isAliasingLegalUp(tysan_type_descriptor *TDA, break; } + //You can't have negative offset, you must be partially inside the last type + if (TDA->Struct.Members[Idx].Offset > OffsetA) +Idx -=1; + --

[llvm-branch-commits] [clang] [compiler-rt] [TySan] A Type Sanitizer (Runtime Library) (PR #76261)

tavianator wrote: I also needed ```diff diff --git a/compiler-rt/cmake/config-ix.cmake b/compiler-rt/cmake/config-ix.cmake index ab13d8c03683..f480083231a1 100644 --- a/compiler-rt/cmake/config-ix.cmake +++ b/compiler-rt/cmake/config-ix.cmake @@ -677,6 +677,7 @@ else() filter_available_targ