[llvm-branch-commits] [compiler-rt] [TySan] Fix struct access with different bases (PR #108385)

via llvm-branch-commits Mon, 02 Dec 2024 11:16:34 -0800

https://github.com/gbMattN updated 
https://github.com/llvm/llvm-project/pull/108385


>From 4f5a7f198988a45fe64b9d1ba88e68a6d7f14e32 Mon Sep 17 00:00:00 2001
From: Matthew Nagy <gbm...@tiger-linux2.domain.snsys.com>
Date: Thu, 12 Sep 2024 12:36:57 +0000
Subject: [PATCH 1/4] [TySan] Fix struct access with different bases

---
 compiler-rt/lib/tysan/tysan.cpp               |  5 +++
 .../tysan/struct-offset-different-base.cpp    | 33 +++++++++++++++++++
 2 files changed, 38 insertions(+)
 create mode 100644 compiler-rt/test/tysan/struct-offset-different-base.cpp

diff --git a/compiler-rt/lib/tysan/tysan.cpp b/compiler-rt/lib/tysan/tysan.cpp
index f1b6bdcf0d8261..c339a0fca11397 100644
--- a/compiler-rt/lib/tysan/tysan.cpp
+++ b/compiler-rt/lib/tysan/tysan.cpp
@@ -129,6 +129,11 @@ static bool isAliasingLegalUp(tysan_type_descriptor *TDA,
           break;
       }
 
+      // This offset can't be negative. Therefore we must be accessing 
something
+      // partially inside the last type
+      if (TDA->Struct.Members[Idx].Offset > OffsetA)
+        Idx -= 1;
+        
       OffsetA -= TDA->Struct.Members[Idx].Offset;
       TDA = TDA->Struct.Members[Idx].Type;
     } else {
diff --git a/compiler-rt/test/tysan/struct-offset-different-base.cpp 
b/compiler-rt/test/tysan/struct-offset-different-base.cpp
new file mode 100644
index 00000000000000..3e1d6f2a6a42f5
--- /dev/null
+++ b/compiler-rt/test/tysan/struct-offset-different-base.cpp
@@ -0,0 +1,33 @@
+// RUN: %clangxx_tysan -O0 %s -o %t && %run %t >%t.out 2>&1
+// RUN: FileCheck %s < %t.out
+
+// Modified reproducer from https://github.com/llvm/llvm-project/issues/105960
+
+#include <stdio.h>
+
+struct inner {
+       char buffer;
+       int i;
+};
+
+void init_inner(inner *iPtr) {
+       iPtr->i = 0;
+}
+
+struct outer {
+       inner foo;
+    char buffer;
+};
+
+int main(void) {
+    outer *l = new outer();
+
+    init_inner(&l->foo);
+    
+    int access_offsets_with_different_base = l->foo.i;
+    printf("%d\n", access_offsets_with_different_base);
+    
+    return 0;
+}
+
+// CHECK-NOT: ERROR: TypeSanitizer: type-aliasing-violation

>From 6f795458c4c16522533dbdcb4d8ace299bfda9ff Mon Sep 17 00:00:00 2001
From: gbMattN <matthew.n...@sony.com>
Date: Tue, 12 Nov 2024 17:05:44 +0000
Subject: [PATCH 2/4] Changed test to check for output

---
 compiler-rt/test/tysan/struct-offset-different-base.cpp | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/compiler-rt/test/tysan/struct-offset-different-base.cpp 
b/compiler-rt/test/tysan/struct-offset-different-base.cpp
index 3e1d6f2a6a42f5..4563f7025bea48 100644
--- a/compiler-rt/test/tysan/struct-offset-different-base.cpp
+++ b/compiler-rt/test/tysan/struct-offset-different-base.cpp
@@ -1,5 +1,5 @@
 // RUN: %clangxx_tysan -O0 %s -o %t && %run %t >%t.out 2>&1
-// RUN: FileCheck %s < %t.out
+// RUN: FileCheck %s --implicit-check-not ERROR < %t.out
 
 // Modified reproducer from https://github.com/llvm/llvm-project/issues/105960
 
@@ -11,7 +11,7 @@ struct inner {
 };
 
 void init_inner(inner *iPtr) {
-       iPtr->i = 0;
+       iPtr->i = 200;
 }
 
 struct outer {
@@ -25,9 +25,9 @@ int main(void) {
     init_inner(&l->foo);
     
     int access_offsets_with_different_base = l->foo.i;
-    printf("%d\n", access_offsets_with_different_base);
+    printf("Accessed value is %d\n", access_offsets_with_different_base);
     
     return 0;
 }
 
-// CHECK-NOT: ERROR: TypeSanitizer: type-aliasing-violation
+// CHECK: Accessed value is 200

>From 3e2499197f82a53d8eb44239598d5276638a80f9 Mon Sep 17 00:00:00 2001
From: gbMattN <matthew.n...@sony.com>
Date: Tue, 26 Nov 2024 16:44:43 +0000
Subject: [PATCH 3/4] More format changes

---
 compiler-rt/lib/tysan/tysan.cpp               |  2 +-
 .../tysan/struct-offset-different-base.cpp    | 28 +++++++++----------
 2 files changed, 14 insertions(+), 16 deletions(-)

diff --git a/compiler-rt/lib/tysan/tysan.cpp b/compiler-rt/lib/tysan/tysan.cpp
index c339a0fca11397..c032bd1c0a5f7c 100644
--- a/compiler-rt/lib/tysan/tysan.cpp
+++ b/compiler-rt/lib/tysan/tysan.cpp
@@ -133,7 +133,7 @@ static bool isAliasingLegalUp(tysan_type_descriptor *TDA,
       // partially inside the last type
       if (TDA->Struct.Members[Idx].Offset > OffsetA)
         Idx -= 1;
-        
+
       OffsetA -= TDA->Struct.Members[Idx].Offset;
       TDA = TDA->Struct.Members[Idx].Type;
     } else {
diff --git a/compiler-rt/test/tysan/struct-offset-different-base.cpp 
b/compiler-rt/test/tysan/struct-offset-different-base.cpp
index 4563f7025bea48..da0efd2cb6503c 100644
--- a/compiler-rt/test/tysan/struct-offset-different-base.cpp
+++ b/compiler-rt/test/tysan/struct-offset-different-base.cpp
@@ -6,28 +6,26 @@
 #include <stdio.h>
 
 struct inner {
-       char buffer;
-       int i;
+  char buffer;
+  int i;
 };
 
-void init_inner(inner *iPtr) {
-       iPtr->i = 200;
-}
+void init_inner(inner *iPtr) { iPtr->i = 200; }
 
 struct outer {
-       inner foo;
-    char buffer;
+  inner foo;
+  char buffer;
 };
 
 int main(void) {
-    outer *l = new outer();
-
-    init_inner(&l->foo);
-    
-    int access_offsets_with_different_base = l->foo.i;
-    printf("Accessed value is %d\n", access_offsets_with_different_base);
-    
-    return 0;
+  outer *l = new outer();
+
+  init_inner(&l->foo);
+
+  int access_offsets_with_different_base = l->foo.i;
+  printf("Accessed value is %d\n", access_offsets_with_different_base);
+
+  return 0;
 }
 
 // CHECK: Accessed value is 200

>From 9a5a609f917762dd864e1b261fc292286a9185a0 Mon Sep 17 00:00:00 2001
From: gbMattN <matthew.n...@sony.com>
Date: Fri, 29 Nov 2024 11:41:03 +0000
Subject: [PATCH 4/4] Fixed occasional segfault

---
 compiler-rt/lib/tysan/tysan.cpp | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/compiler-rt/lib/tysan/tysan.cpp b/compiler-rt/lib/tysan/tysan.cpp
index c032bd1c0a5f7c..c89692f6f251a8 100644
--- a/compiler-rt/lib/tysan/tysan.cpp
+++ b/compiler-rt/lib/tysan/tysan.cpp
@@ -131,7 +131,9 @@ static bool isAliasingLegalUp(tysan_type_descriptor *TDA,
 
       // This offset can't be negative. Therefore we must be accessing 
something
       // partially inside the last type
-      if (TDA->Struct.Members[Idx].Offset > OffsetA)
+      // We shouldn't check this if we are on the first member, Idx will 
underflow
+      // The first member can be offset in rare cases such as llvm::cl::Option
+      if (TDA->Struct.Members[Idx].Offset > OffsetA && Idx > 0)
         Idx -= 1;
 
       OffsetA -= TDA->Struct.Members[Idx].Offset;

_______________________________________________
llvm-branch-commits mailing list
llvm-branch-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-branch-commits

[llvm-branch-commits] [compiler-rt] [TySan] Fix struct access with different bases (PR #108385)

Reply via email to